COVID-19 and Cybersecurity: Combating “Zoombombing” and Securing Your Remote Working Videoconferences

As COVID-19 has prompted a massive shift by organizations to the implementation and use of remote working solutions for their employees, there has been an unfortunate, but not surprising, corresponding rise in malicious actors seeking to exploit remote working solutions.

Over the past few weeks, the most notable and prevalent “digital hijacking” has occurred on the Zoom teleconferencing application. Since the start of the COVID-19 pandemic, there has been an explosion in the number of individuals using the Zoom application. Prior to the pandemic, Zoom averaged approximately 10 million users per day. However, Zoom now estimates that approximately 200 million users per day utilize its videoconferencing application. These users not only include remote workers, but also many school children and teachers who utilize the Zoom application for remote learning.

The phenomenon commonly known as “Zoombombing” involves the infiltration of Zoom videoconferences by hackers. Once they have infiltrated a videoconference, hackers have undertaken a variety of malicious acts including, among other things, posting hate speech, stealing personal identifying information, and posting pornography or other offensive or inappropriate content to the other participants in the videoconference. Typically, hackers look to exploit Zoom conference links that are posted publicly and/or open to the public without the need for a password or access key. In response to the increase in Zoombombing attacks, some governments and organizations have restricted or prohibited the use of the Zoom application by their employees. Recognizing the threat that hackers pose to their platform, Zoom recently added new default security features and recommended that users employ additional security safeguards.

Of course, it is not only Zoom that has been targeted by malicious cyber actors. Similar attacks have occurred on numerous other commonly use videoconferencing platforms. Attacks on these other platforms exploit similar flaws or security vulnerabilities that are seen in Zoombombing attacks.

Given the rise of attacks on videoconference applications during the COVID-19 pandemic, the FBI recently issued a warning discussing Zoombombing and other similar attacks aimed at remote working employees and students. The FBI advised that videoconference application users take the following steps:

  • Do not make meetings public and, if the option is available, utilize passwords for access to meetings;
  • Do not share links for meetings publicly;
  • Only allow meeting hosts to have the option to share their screens with other participants;
  • Ensure that you are using the most recent version of the application; and
  • Ensure that your organization’s remote working policies address requirements for videoconferencing security.

Other important security tips include:

  • Ensure that your teleconferencing sessions have active password protections in place;
  • Keep password protection on by default to prevent unauthorized users from joining or hijacking your sessions; and
  • Use a unique, one-time ID number for large or public teleconferencing calls.

The COVID-19 pandemic has made remote working a reality for many in a world handcuffed by social distancing. It is more important now than ever to understand the power, and the corresponding dangers, these new remote connection technologies hold in order to ensure that you maintain the safety and security of your organization’s data and information.


© 2020 Faegre Drinker Biddle & Reath LLP. All Rights Reserved.

For more work from home considerations among the COVID-19 pandemic, see the National Law Review Coronavirus News page.

Telemedicine – Are There Increased Risks With Virtual Doctor Visits?

“Telemedicine” or “Telehealth” are the terms most often used when referring to clinical diagnosis and monitoring that is delivered by technology. Telemedicine encompasses healthcare provided via real time two-way video conferencing; file sharing, including transmission of health history, x-rays, films, or photos; remote patient monitoring; and consumer mobile health apps on smart phones, tablets, and devices that collect data and transmit it to a healthcare provider. Telemedicine is increasingly being used for everything from diagnosing common viruses to monitoring patients with serious long-term health issues.

The American Telemedicine Association reports that majority of hospitals now use some form of telemedicine. Two years ago, there were approximately 20 million telemedicine video consultations; that number is expected to increase to about 160 million by 2020. An estimated one-third of employer group plans already cover some type of telehealth.

Telemedicine implicates legal and regulatory issues as licensing, prescribing, credentialing, and cybersecurity. Pennsylvania recently passed legislation joining the Interstate Medical Licensing Compact, an agreement whereby licensed physicians can qualify to practice medicine across state lines within the Compact if they meet the eligibility requirements. The Compact enables physicians to obtain licenses to practice in multiple states, while strengthening public protection through the sharing of investigative and disciplinary information.

Federal and state laws and regulations may differ in their definitions and regulation of telemedicine. New Jersey recently passed legislation authorizing health care providers to engage in telemedicine and telehealth. The law establishes telemedicine practice standards, requirements for health care providers, and telehealth coverage requirements for various types of health insurance plans. Earlier this year, Texas became the last state to abolish the requirement that patient-physician relationships must first be established during an in-person patient/doctor visit before a telemedicine visit.

As telemedicine use increases, there will likely be an increase in related professional liability claims. One legal issue that arises in the context of telemedicine involves the standard of care that applies. The New Jersey statute states that the doctor is held to the same standard of care as applies to in-person settings. If that is not possible, the health care provider is required direct the patient to seek in-person care. However, the standard of care for telemedicine is neither clear nor uniform across the states.

Another issue that arises in the context of telemedicine is informed consent, especially in terms of communication, and keeping in mind that the Pennsylvania Supreme Court recently held that only the doctor, and not staff members, can obtain informed consent from patients. Miscommunication between a healthcare provider and patient is often an underlying cause of medical malpractice allegations in terms of whether informed consent was obtained.

In addition, equipment deficiencies or malfunctions can mask symptoms that would be evident during an in-person examination or result in the failure to transmit data accurately or timely, affecting the diagnosis or treatment of the patient.

Some of these issues will likely ultimately be addressed by legislative or regulatory bodies but others may end up in the courts. According to one medical malpractice insurer, claims relating to telemedicine have resulted from situations involving the remote reading of x-rays and fetal monitor strips by physicians, attempts to diagnose a patient via telemedicine, delays in treatment, and failure to order medication.

recent Pennsylvania case illustrates how telemedicine may also impact the way medical malpractice claims are treated in the courts. In Pennsylvania, a medical malpractice lawsuit must be filed in the county where the alleged malpractice occurred. Transferring venue back to Philadelphia County, the Superior Court in Pennsylvania found that alleged medical malpractice occurred in Philadelphia — where the physician and staff failed to timely transmit the physician’s interpretation of an infant’s echocardiogram to the hospital in another county where the infant was being treated.

The use of telemedicine will likely have wide-reaching implications for health care and health care law, including medical malpractice.

This post was written by Michael C. Ksiazek of STARK & STARK, COPYRIGHT ©
2017
For more Health Care legal analysis, go to The National Law Review