For fax sake: Retro tech leaves NHS open to cyber-attacks, say researchers

  • 20 August 2018
For fax sake: Retro tech leaves NHS open to cyber-attacks, say researchers

Hackers could gain access to NHS networks by exploiting vulnerabilities in fax machines, security researchers have suggested.

Staff at Check Point Software discovered exploits in widely-used fax machines that enable hackers to spread malware through a malicious image file.

Malware can be coded into the image file which, when decoded by the fax machine and uploaded to its memory, will spread through any network it is connected to.

The exploit discovered by Check Point only requires that a hacker know the fax number of the organisation it wishes to target, which can be easily found online.

A recent freedom of information (FOI) request revealed the NHS is clinging on to some 9,000 fax machines, despite them being scrapped by most other sectors in the early 2000s.

Nick Viney, regional vice president for UK, Ireland and South Africa at McAfee, explained that the fact that protocols in fax machines hadn’t been updated since the 1980s left them “wide open to cyber-attacks.”

Viney said: “It is shocking enough that so many organisations – particularly in the NHS and the rest of the public sector – still rely upon fax machines on a daily basis.

“Public sector organisations are having to juggle outdated technology with the challenge of competing with the private sector when it comes to attracting top security talent.

“However, the stakes for securing the sector and wider critical infrastructure are extremely high, given their strategic importance to the country and their position as a prime target for cyber criminals.”

Vulnerabilities were discovered in HP’s OfficeJet Pro All-in-One fax printer, although the same protocols are used in other multi-purpose printers and online fax services, making them vulnerable to the same exploit.

Yaniv Balmas, group manager for security research at Check Point, said: “Many companies may not even be aware they have a fax machine connected to their network.

“These overlooked devices can be targeted by criminals and used to take over networks to breach data or disrupt operations.

“It’s a powerful reminder that in the current, complex fifth-generation attack landscape, organisations cannot overlook the security of any part of their corporate networks.”

To minimise the security risk, organisations are advised to update fax-capable devices with the latest security patches and separate them from other devices on their networks.

HP has since issued security updates for its fax printers.

NHS Digital said the threat posed by hacked fax machines was minor.

A spokesperson told Digital Health News: “We have triaged the hacking of fax machines as a low severity vulnerability. Although it is possible, it would require a great amount of effort to exploit.”

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Related News

Two more Liverpool hospitals impacted by Alder Hey cyber attack

Two more Liverpool hospitals impacted by Alder Hey cyber attack

Alder Hey Children's NHS Foundation Trust has announced that the cyber attack it suffered last week has impacted two more hospitals.
Major cyber security incident declared at Merseyside hospital

Major cyber security incident declared at Merseyside hospital

A “major incident” has been declared at Wirral University Teaching Hospital NHS Foundation Trust “for cyber security reasons”.
Barts Health rolls out Cynerio cyber security platform

Barts Health rolls out Cynerio cyber security platform

Barts Health NHS Trust has rolled out Cynerio’s healthcare-focused cyber security platform across all of its sites.

9 Comments

  • Although fax to e-mail and these solutions have a place they really should be seen a migration step not a solution. I also don’t think use of e-mail should be the answer, shouldn’t we be looking at using proper electronic systems or developments to exchange correspondence or documentation, full audit trail etc. In reality what will probably happen is the use of fax will stop/reduce and then a document will be printed, physically signed and then scanned back and send on an e-mail. Use of proper system wide workflow solutions is what I think is needed.

  • Нормализовался аппетит, уменьшился объем желудка и потребляемой пищи, прошла отечность по утрам, улучшился метаболизм. А через месяц регулярного приема я потеряла примерно 10 кг, поэтому было решено пропить Диетонус еще раз. И как результат, теперь у меня стройная фигура, нет излишков жира на животе, талии и бедрах. Причем целлюлит был убран полностью и без нервных срывов, появления депрессивного состояния, ощутимых побочных эффектов. Даже расстройства пищеварения, тошноты и головокружения не было. А вот дополнительной энергии и сил прибавилось значительно, и этот эффект сохранялся в течение 2-3 недель после завершения приема. что-то вроде этого Мы часто не знаем, насколько наше здоровье, благополучие, эмоции, действия и вкусы, зависят от скрытых обитателей внутри тела. В настоящее время многие врачи допускают большую ошибку, не придавая надлежащего значения выявлению гельминтовых паразитов. Они продолжают распространяться, производить внутри яды и токсины, а сильнодействующие лекарства, выписываемые в больших дозах, наносят серьёзный урон организму. Отзывы врачей и других покупателей. Кстати, советуем вам прочесть отзывы известных врачей и реальных людей, которые мы для вас собрали.

  • There are a number of digital fax solutions in the UK market but none of them have the same integration with an organisations MFP’s (Photocopiers) that the RightFax solution offers. This is critical as it allows hard copy documents to be faxed as well as integrating into email/nhsmail for sending/receiving fax messages electronically. The recent statement from ProcessFlows/OpenText details why this ‘hacking’ article is irrelevant to organisations using RightFax.

  • I think you’ll find the only parts of the NHS that have FAX machines tend to be because GP practices and pharmacies do not want to invest in replacing their beloved FAX machine. The whole of the NHS is being held up by GP practices and pharmacies that will not pay for new technology unless forced to (or having it paid for them). Why every practice and pharmacy isn’t contractually obliged by NHSE to securely destroy every FAX machine and move into the 21st century, at their own expense, is beyond me. The size of a scanner is smaller than the old monolithic FAX beasts.

    • When our local trust switches to using secure @nhs.net email addresses, we will stop using faxes. Until then we simply cannot.

    • Whilst there may be GP Practices that still utilise fax machines, there are many secure fax options out there that would remove this risk and can reduce cost. Indeed many NHS organisations are using these internet fax options which do not require GP’s practices to change any of their technology or infrastructure

  • We’ve had NHS Net email for about that time too. So why are trusts still using fax….

  • 15 years ago I worked in a manufacturing company that used digital faxing, so the document landed on your PC which still allowed the sender to use their fax machine but we didn’t need them … 15 years later and I’ve still not seen this type of software in use in the Health Service?

    Surely that is the type of initiative that NHSD & E should be driving (and funding) from the center

    • Quite a few use fax to email.

Comments are closed.