Telehealth and Zoom: What you need to know to stay secure online

With the rapid rise of the adoption of Telehealth during the Covid-19 pandemic the bad actors on the internet did not slack off in their quest to exploit these applications. Zoom had a number of malicious attacks and investigated by the NYS Attorney General, as well as Senator Blumenthal.

What is Zoombombing?

A new form of trolling in which a participant uses Zoom’s screensharing feature to interrupt and disrupt meetings and classes. (University of Southern California, 2020)

There are numerous reports of this including public webinars where malicious actors were able to share adult content to all participants in the meeting. Another case involved a Doctorate student who had her Dissertation defense session hijacked.

HealthEfficient is issuing the following recommendations with Zoom to ensure a safe and secure session:

• Use Zoom for Healthcare; regular versions are not HIPAA compliant

• Ensure a Business Associate Agreement (BAA) is in place now

• Enable meeting passwords – Zoom has now made this the default for new meetings

• Enable Waiting rooms – Zoom also enabled this by default, but always verify your settings

• Lock your meeting – this restricts others from joining after the meeting has started

 Additional Resources

HHS:

• Notification of Enforcement Discretion for Telehealth Remote Communications During the COVID-19 Nationwide Public Health Emergency

Zoom:

• A Health Security Posture Starts With These Features

• Answering Your Top 10 Questions About Zoom for Healthcare

Security & Prevention:

• How Zoom Addressed Zoombombing

• Ways to Prevent Zoombombing