According to BlogGeek.me, Zoom had a serious security flaw. This is why you need to be aware of what your telemedicine platform offers with regard to security.
For those who haven’t followed the tech news, a week ago a serious vulnerability was publicly disclosed about Zoom by Jonathan Leitschuh. If you have a Mac and installed Zoom to join a meeting, then people could use web pages and links to force your machine to open up your Zoom client and camera. To make things worse, uninstalling Zoom was… impossible. That same link would forcefully reinstall Zoom as well.
The original analysis of the vulnerability indicated quite a few avenues of attack:
- Ability to force a user to join a meeting with a click of a link without further request for permissions. The user doesn’t even need to approve that meeting.
- Ability to force a webcam to open in a meeting on a click of a link without further request for permissions. The user doesn’t even need to approve that meeting.
- Denial of service attack by forcing the Zoom app to open over and over again.
- Silently installing Zoom if it was uninstalled.
Doxy.me uses WebRTC for encrypted video. Maintaining a secure platform involves several factors, processes, and responsibilities. Doxy.me complies with the security and privacy requirements of the healthcare industry. Here are the ways we maintain security:
- Patient health information (PHI) is not stored; as a result, this data cannot be stolen from Doxy.me servers
- Point-to-point NIST-approved AES 128-bit encryption is used for all video & audio communication
- Full volume encryption and 256-bit AES encrypted keys are used on data stored at rest
- HIPAA and HITECH compliant servers
- OSSEC intrusion detection, file integrity monitoring, log monitoring, root check, and process monitoring
- Signed Business Associates Agreement provided
- Annual HIPAA risk assessments conducted
- Auditing, logging, backup and disaster recovery policies and procedures in place
For those who don’t know, WebRTC offers voice and video communications from inside the browser. Most vendors today use WebRTC, and for some reason, Zoom doesn’t. To read the rest of the article, click here.