CEO Reacts to Complaint on Zoom Security Problems

On April 1, 2020, Zoom CEO Eric S. Yuan mentioned in a blog post that Zoom is going through some growing pains because the platform has substantially increased in popularity this year. Yuan responded to the criticism of Zoom’s security problems by recognizing that they have fallen short of the privacy and security expectations. He apologized and wanted to share what the company is doing about it.

The company did not anticipate the huge increase in recognition of the platform nor the lockdown of a quarter of the planet’s population that prompted working and socializing from home. Because of the bigger variety of users using Zoom in a number of unexpected ways, the company is confronted with challenges that were never anticipated since the creation of the platform.

It ought to be mentioned that there are vulnerabilities in all software solutions. The disclosure of Zoom’s vulnerabilities to the public recently did not allow Zoom to respond first and fix the problems. Zoom reacted immediately and resolved some of the concerns recently but a number of privacy and security issues stay unresolved.

Zoom expressed to the public its commitment to correct privacy and security problems and proactively check the platform if there are other vulnerabilities. Zoom will stop all work on development in the next 90 days and will use engineering resources to aim at addressing trust, security, and privacy concerns. The company will enhance the bug bounty program and conduct penetration tests to evaluate platform security.

Using Zoom for Communications in Healthcare

Enterprise-class communication platforms need to provide enterprise-level of privacy and security. This is particularly essential in healthcare because of HIPAA compliance. Zoom provides an enterprise plan for healthcare providers called Zoom for Healthcare. It was developed to include the required safety measures for compliance with the HIPAA Privacy and Security Laws; nonetheless, the most recent security vulnerabilities and privacy problems of Zoom instigated doubt on the quality of protection it provides.

While the COVID-19 public health emergency is in force, the HHS’ Office for Civil Rights will exercise enforcement discretion and won’t issue sanctions or fines for providing good faith telehealth services. OCR will also allow at this time the use of applications that might not meet all HIPAA requirements. Though there’s no indication that OCR would give Zoom an exception, healthcare organizations should still take careful attention because Zoom is not a public-facing platform.

There are some other teleconferencing platforms that healthcare companies can utilize when providing telehealth services. Many of the platforms do provide real end-to-end encryption and have no security problems similar to those identified in Zoom. There are free to use solutions offering secure and HIPAA compliant messaging platform. TigerConnect offers free use of its platform to healthcare organizations after the announcement of the COVID-19 public health emergency.

Because there are available safe videoconferencing and communications platforms, it is highly recommended to employ a substitute option for telehealth and other healthcare communication throughout the COVID-19 outbreak until Zoom completely fixes its privacy and security problems and concludes its platform review.