
WARNING: Your Fax Machine Could be Used to Hack You!

American businesses have used fax machines to transmit images via telephone lines since the late 1980s. Now, almost forty years later, many organizations still rely on these workhorses to do business. As of 2015, about 46.3 million fax machines were still in use, of which 17 million are believed to be operating in the United States. With so much new, cutting-edge technology available at our fingertips today, we’re still relying on antiquated technology that could leave your organization vulnerable to a hack. This is a huge problem – especially if you work with PHI!

A study shows just how vulnerable fax machines are

People assume that since fax machines have served businesses for forty plus years and have never posed an issue before, they’re not a cybersecurity risk. Surely these dinosaurs could never be the root cause of a cyber attack like a crippling network virus! Oh, could they ever be!

A recent study indicated that fax machines may present an opening through which hackers can infiltrate an organization’s network. The report showed that cybercriminals can infiltrate any home or corporate network by exploiting all-in-one printer-fax machines. Hackers can send an image file over the phone line that contains malicious software. That image file lets them take control of the device and access the rest of the network, enabling them to insert a virus or ransomware of their choosing. All the hackers need is a fax number to gain access to the entire corporate network. Think about how easy it is to find out a company’s fax number, and you quickly realize how vulnerable your organization may be.

Protecting clients’ PHI when faxing

If you must use a fax capability, keep these pointers in mind:

  1. Consider using a more secure way of transferring information, like eFax, secure email or postal mail. Check out our blog on HIPAA compliant email encryption. If you must fax, be sensible about the information you send.
  2. If you have to fax PHI, only send the information that is important for the claim or the issue at hand.
  3. Always use a cover letter to avoid casual reading.
  4. For any new recipients, send a test fax before sending the actual document.
  5. Locate all fax machines in a secured room that is only accessible to employees.
  6. Use a secure, dedicated fax machine for transmitting PHI. Do not publish this number on your website or business card.
  7. Configure your fax machine so that it does not save any copies of information you have sent.
  8. If you are using a traditional fax machine, pre-program important or frequently used numbers to avoid sending faxes to the wrong recipients. Make sure the recipient of the PHI is aware the fax is coming and is waiting by the fax machine.
  9. If your fax machine can’t support a software update, replace it or get rid of it completely.
  10. If the manufacturer hasn’t released a patch to fix the vulnerability, only fax using a segmented part of the network that does not connect to critical data.
  11. If you use an all-in-one print, copy, fax machine, disconnect it if a supplier or client does not use the fax functions.
  12. Most eFax companies today encrypt any information they store, but you need to check to make sure they have a valid SSL/TLS certificate.
  13. eFax companies you use should sign a Business Associate Agreement and state they encrypt any of your information stored on their site.

Migrating away from sending faxes is advisable. Make your company HIPAA compliant. Don’t allow this “back door” to compromise your business.

1. https://www.faxswitch.com/fax_machine_history.html
2. https://www.business2community.com/tech-gadgets/why-faxing-will-outlive-us-all-01297384
