Zoom: Is It Safe? Or HIPAA Compliant?

Zoom, a Video Conferencing Tool, is More Widely Used Than Ever Before Amidst the Coronavirus Pandemic. But Is It Safe? Can It Be Used While Maintaining HIPAA Compliance? Let’s Find Out…

Zoom is video conferencing software that lets up to 1,000 people meet face-to-face virtually. It’s an excellent solution for those who are working from home, but is it safe? Moreover, is it HIPAA compliant? Let’s take a look at the solution in more detail:

  • Users can leverage various tools, including recording meetings, screen sharing, and more.
  • There are four price tiers available with varying call bandwidths, including a free version with up to 40 minutes of video conferencing at a time.

As the coronavirus pandemic continues to push businesses to embrace remote work, it’s more important than ever to have a reliable video conferencing solution for employees to maintain collaboration during the day. But similar to any tool out there, it’s essential to be aware of the potential risks.

A Zoom Vulnerability That Puts Windows Login Credentials at Risk…

First and foremost, a vulnerability that users should know about was found in the video conferencing solution in March 2020. Zoom Client for Windows was found to have a critical vulnerability that allows hackers to steal login credentials. How? Universal Naming Convention (UNC), a feature that converts URLs into hyperlinks when sent via email or chat, is supported in this version.

Unfortunately, tools can be used to click on the URL and give hackers access to the user’s login name and their password hash. In quite a few cases, hackers exploited UNC path injection – running arbitrary code on the machine to take control of the laptop or desktop being used to access the solution.

As of the beginning of April 2020, Zoom pushed out a patch, version number 4.6.9 (19253.0401), to resolve this vulnerability. However, if you were using the solution before the patch was released, it’s essential to double-check that your login credentials were not impacted.
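
As an added example (not from the original article and not Zoom's code), the Python below shows two defensive checks for the issue described above: comparing a Windows client version string against the patched release 4.6.9 (19253.0401), and finding and neutralizing UNC paths in chat text before it is displayed. The function names, the sample chat lines and the sample version strings are constructed for illustration.

```python
import re

# Fixed Windows client release named in the article.
PATCHED = "4.6.9 (19253.0401)"

# UNC path: \\host\share followed by optional \sub\path segments.
UNC_RE = re.compile(r"\\\\([A-Za-z0-9._-]+)\\([^\\\s]+)(?:\\[^\\\s]+)*")


def parse_version(text):
    """'4.6.9 (19253.0401)' -> (4, 6, 9, 19253, 401)."""
    nums = re.findall(r"\d+", text)
    if len(nums) < 3:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(n) for n in nums)


def is_patched(installed, fixed=PATCHED):
    """True if installed >= fixed; a missing build number counts as older."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) >= b + (0,) * (width - len(b))


def find_unc_paths(message):
    """Return (host, share) for each UNC path found in a chat message."""
    return [(m.group(1), m.group(2)) for m in UNC_RE.finditer(message)]


def defang(message):
    """Replace UNC paths with inert text so no client renders them as links."""
    return UNC_RE.sub("[UNC path removed]", message)


# Constructed sample data: chat lines and client version strings.
SAMPLE_CHAT = [
    r"Agenda is at \\fileserver.example\meetings\agenda.docx",
    "Minutes: https://example.com/minutes",
]
SAMPLE_VERSIONS = ["4.6.8 (10000.0101)", "4.6.9", "4.6.9 (19253.0401)", "5.0.0"]

if __name__ == "__main__":
    for line in SAMPLE_CHAT:
        print(find_unc_paths(line), "->", defang(line))
    for v in SAMPLE_VERSIONS:
        print(v, "patched" if is_patched(v) else "needs update")
```

A version string with no build number, such as a bare "4.6.9", is treated as unpatched so that an ambiguous report leads to an update rather than a pass.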

What About HIPAA Compliance?

Healthcare providers looking for a video conferencing solution can rest assured knowing the solution is HIPAA compliant, as long as you’re using it properly. Zoom has stated that it’s taken steps to ensure the platform incorporates the security controls necessary to satisfy the HIPAA security rule, including:

  1. Authentication measures that allow users to verify their identity before sending or receiving sensitive information, such as:
    • OAuth 2.0 for authenticating in a user context
    • JSON Web Tokens (JWT) for authenticating server-to-server apps
  2. Access control measures to regulate who can use resources within the environment.
  3. End-to-end encryption to keep communication secure against unauthorized access or users.

Zoom is also willing to sign a business associate agreement (BAA) with healthcare providers wherein the following will be implemented on the account:

  1. Disabling all cloud recordings
  2. Enabling encryption for all chats
  3. Enabling the requirement of encryption for 3rd party endpoints
  4. Enabling the encryption of all text messages

So The Big Question… Is Zoom Truly Safe?

Zoom is a reasonably safe choice for video conferencing amongst business professionals during this difficult time. Just make sure you’re following the recommendations below:

  • Require a password for all meetings
  • Announce meetings to attendees via email rather than public forums or social media
  • Use a unique ID rather than your meeting ID.

Questions? Get in Touch with Acapella Technologies at (603) 647-1784 Anytime.