NHS Fax Ban Set to Improve Security from 2020

Written by

The NHS will be banned from buying any more fax machines from next month as the government looks to upgrade the health service to more modern and secure communications platforms.

Health secretary Matt Hancock has also ordered a complete ban on their use by March 2020, as part of a plan to bring the NHS into the 21st century.

According to a Freedom of Information (FOI) request from the Royal College of Surgeons (RCS) in July, the NHS in England still uses over 8000 fax machines.

“We’ve got to get the basics right, like having computers that work and getting rid of the archaic fax machines still used across the NHS when everywhere else got rid of them years ago,” he said in a statement.

“I am instructing the NHS to stop buying fax machines and I’m setting a deadline for getting rid of them altogether. Email is much more secure and miles more effective than fax machines. The NHS can be the best in the world — and we can start with getting rid of fax machines.”

Richard Kerr, chair of the RCS Commission on the Future of Surgery, welcomed the news.

“Advances in artificial intelligence, genomics and imaging for healthcare promise exciting benefits for patients,” he argued. “As these digital technologies begin to play a bigger part in how we deliver healthcare it is crucial that we invest in better ways of communicating the vast amount of patient information that is going to be generated.”

Tony Pepper, CEO of Egress Software, highlighted the security risks associated with using fax machines.

“Fax machines provide a large surface area for human error and consequently data breaches when used to transfer sensitive data, as they can’t offer assurance over how the data is picked up and used at the receiving end, or a safety net to allow for user error when dialing,” he explained. “When used to transfer confidential information, there is a significant risk of a data breach.”

However, care will be needed to ensure sensitive data is encrypted when shared outside the health service via email, for example with patients, Pepper added.

Research from Check Point in August also pointed to a possible new attack vector exploiting vulnerabilities in a common implementation of the fax protocol, which could even allow hackers to infiltrate corporate networks via these machines.

What’s hot on Infosecurity Magazine?