Faxploit: New Research Shows How Fax Lets Viruses Into Your Clinic

“In ground breaking research, dubbed ‘Faxploit’, Check Point researchers show how cyber criminals could infiltrate any home or corporate network by exploiting all-in-one printer-fax machines. A fax number is the only thing required to carry out the attack.”

-Check Point

By now, you’ve likely heard about the ‘Axe the Fax’ campaign. Healthcare services and government agencies that handle patient information are being urged to cut out outdated communications technology and move instead to more advanced and secure electronic solutions. Using fax to share patient information is cumbersome, does little to protect patient privacy, can hinder effective and safe coordination of care, and thanks to Check Point’s cybersecurity research we now know that fax machines are critically vulnerable in the cyberthreat landscape.

Faxploit: how it works

1. Using only a fax number, a maliciously crafted file is sent to a fax machine. 2. Once the fax machine receives the file, the device can be compromised. 3. The potential attacker can use the fax machine as an access point into the entire network. Hopping from one part of the network to the next, infecting a wider portion of it as he/she progresses. 4. In just seconds, an entire network can be compromised, giving the intruder access to an organization’s most confidential information.

Can Faxploit affect me?

Despite the emergence of more convenient, safe and secure technology, fax is still widely used in the healthcare industry. Once a machine has been compromised, anything is possible.

• - 3 million standalone fax machines are in use worldwide.
• - Tens of millions of all-in-one printers are sold worldwide each year.
• - Two-thirds of Canadian doctors say their primary means of communication with other physicians is by fax.
• - On average, medical clinics in Canada send and receive 24,000 pages of faxed information annually.
• - Only about one-third of family physicians and specialists e-mail their colleagues for clinical purposes.

How can I mitigate risk?

• - Eliminate fax use
• - Sustain a frequent device patching schedule
• - Disconnect or segment your network
• - Maintain a high level of IT hygiene

Protect Your Practice with Secure-Mail

Check Point’s research into fax machine vulnerabilities reveals that these devices are more than outdated. Fax machines pose a critical security risk for healthcare providers and the patients they serve. By trading in your fax machine for the Secure-Mail service offered by Brightsquid, you’ll not only be protecting your practice from Faxploit, but you’ll enjoy the added benefit of blocking other email-borne malicious attacks that can quickly shut down your clinic and expose patient data to unknown perpetrators. To learn more about Brightsquid’s Secure-Mail service, or to discuss the on-going privacy needs of your clinic, contact us today sales@brightsquid.com.