HEALTHCARE AT HOME:
THE  ROWAN TECHNOLOGY REPORT

Serving the home health, home care and hospice industry since 1999.

by Tim Rowan, Editor

Cyber-security experts are concerned, if not alarmed, by the rapid adoption of one video communication service, Zoom, over all others. For one thing they warn, it makes life easier for hackers, who only have to learn how to break into one platform. The system designed by Eric Yuan, after he and his partners sold WebEx to Cisco, was transformed overnight from a handy tool for casual family and small business conversations into an inexpensive, unsecure business meeting space. Experts are even more concerned when Zoom is used by healthcare.

A survey of recent warnings led us to two reports. The left column below explains Zoom's dangers. The report on the right offers alternatives to consider.

Should Healthcare Be Using Zoom?


According to a study by online cyber-security news service "BleepingComputer," over 500,000 Zoom accounts are being sold on the dark web and hacker forums for less than a penny each, and in some cases, given away for free.

 

These credentials are gathered through credential stuffing attacks where threat actors attempt to login to Zoom using accounts leaked in older data breaches. The successful logins are then compiled into lists that are sold to other hackers.

 

Some of these Zoom accounts are offered for free on hacker forums so that hackers can use them in zoom-bombing pranks and malicious activities. Others are sold for less than a penny each.

 

Cybersecurity intelligence firm Cyble told BleepingComputer that around April 1st, 2020, they began to see free Zoom accounts being posted on hacker forums to gain an increased reputation in the hacker community.

 

These accounts are shared via text sharing sites where the threat actors are posting lists of email addresses and password combinations.

 

BleepingComputer's Lawrence Abrams wrote that the account details, which were taken through previous credential stuffing attacks, are posted on a number of dark web sites and hacker forums after they are sorted through and put into lists.

 

Abrams spoke with cybersecurity intelligence firm Cyble, which tried to warn victims after buying about 530,000 Zoom login details for about $0.0020 per account through a hacker forum.

 

Cyble researchers told Abrams that the accounts they bought came with the email address, password, personal meeting URL, and HostKey of each victim.

 

Hackers use these account credentials for nefarious uses as well as juvenile ones, including the recent trend of Zoom bombing, which has been reported by schools, governments and businesses.

 

Now that millions of organizations are using Zoom and other video conferencing platforms to conduct all kinds of business, cyber-criminals have shown increased interest in login details or potential vulnerabilities that can be exploited.

 

 

Companies that have banned Zoom

Google has banned Zoom from company-owned computers; administrators will disable it this week, and Google employees have been directed to use Duo instead.

 

SpaceX has forbidden employees from using Zoom, citing security and privacy concerns.

 

Smart Communications, a Philippines-based ISP, has banned Zoom for internal use.

 

Governments and government agencies that have banned Zoom

Taiwan has banned Zoom for use by all government agencies.

 

NASA has banned all employees from using Zoom.

 

The German Foreign Ministry has restricted Zoom use to personal computers in emergency situations only, as reported by Reuters.

 

The United States Senate has urged its members to choose platforms other than Zoom due to security concerns, but has not issued an outright ban.

 

The Australian Defense Force banned its members from using Zoom after an Australian comedian Zoom bombed one of its meetings.

 

Educational institutions that have banned Zoom

New York City's Department of Education has banned teachers from using Zoom and encourages them to switch to Microsoft Teams.

 

Clark County Public Schools in Nevada has disabled Zoom on all school computers.

 

If Not Zoom, Then What?

 

The coronavirus pandemic has irrevocably shifted the workforce, forcing many professionals to adapt to remote work. Because of this shift, more professionals than ever before are relying on video conferencing tools to conduct daily meetings or projects.

 

One of the apps that gained the most traction in the middle of COVID-19 was Zoom. March 2020 saw a 225% increase in Zoom connections compared to the previous month, and data usage rose by an overwhelming 877% on the platform, according to research from Wandera

However, a recent influx of security issues on Zoom has caused some fluctuation in Zoom use. Major companies including Google, SpaceX, and NASA have banned the use of Zoom across their staff. 

 

Additionally, more than one-third of Zoom users said they now fear data leaks on the platform. For users wanting other video conferencing options, the following 10 are some of the most popular on the market. 

 

Top 10 video conferencing platforms 

  • Microsoft Teams

Microsoft Teams is the built-in video conferencing in Office 365. However, anyone can sign up for the free version of Teams using a personal email address. The low tier version allows support for up to 300 members, guest access, one-on-one and group video/audio calls, screen sharing, and shared files up to 10GB per team. The business plans, however, offer more. Administors then have access to security, management, and compliance tools. Teams can share files up to 1TB per user and collaborate using desktop Office programs and SharePoint Online. Those versions also support online webinars and training sessions. 

  • Skype 

Microsoft's other popular product, Skype, is another well-known video chat experience. The platform supports up to 50 participants for an unlimited amount of time for free, which makes it ideal for smaller companies. The platform has a call recording feature that any member can use and allows users to save and share the recording for up to a month. Users must have the Skype app downloaded, however. 

  • GoToMeeting

The web conferencing service from LogMein, GoToMeeting features audio and video sessions, screen sharing, and a mobile app for Android and iOS. The standard version, which allows for up to 150 team members, is offered for $14/month or $12/month annually. Medium-sized businesses can pay $19/month for the Business plan tier, which increases the range to 250 participants; and large businesses can choose the Enterprise plan that connects up to 3,000 users. Those interested in an Enterprise plan must contact GoToMeetings directly for pricing. 

  • Join.me

Another member of the LogMeIn team, Join.me is great for smaller businesses or those with a tighter budget. Audio-only meetings with screen sharing is available to anyone for up to three participants for free. Paid plans start with Lite, which is $10/host per month and allows for five meeting participants and no time limit. While video isn't an option for the lower-tier version, screen and window sharing are. 

Pro is $20 per month and allows for up to 250 meeting participants, 50GB of cloud storage, 10 webcam streams, recording options and scheduling. The Business edition has the features of Pro plus 1TB of cloud storage, enterprise authentication, and Salesforce integration.  

  • Cisco Webex

Cisco Webex is another popular video conferencing platform. The free version has a significant amount to offer, with up to three users and 50 participants for 40 minutes. It also features HD video, screen-sharing and recording options. The paid plans include the Starter at $13.50/host per month with 50 attendees; the Plus at $17.95/month with 100 attendees; the Business at $26.95/month and five-license minimum for up to 200 attendees; the Enterprise plan is also an option, with pricing available upon request. 

The first two options allow for additional cloud storage and management features, but the  Business Plan and up has single sign-on and support for Microsoft Exchange and Active Directory. 

  • BlueJeans

A smaller, cloud-based video conferencing service, BlueJeans offers high-quality streaming for smaller teams. Its three service options include the Me, My Team, and My Company. Under Me, users pay $19.98/month per user for up to 50 attendees. My Team is offered for $23.99/month per host, and adds 10 hours of cloud meeting recordings and a common dashboard for up to 75 users. My Company allows support for up to 150 participants and a room system calendar. Those interested in a My Company plan must contact BlueJeans directly for pricing. 

  • Intermedia AnyMeeting

AnyMeeting, under Intermedia Unite, brings together video conferencing, chat, and screen-sharing into one cloud-based platform that has VOIP capabilities and a high-level PBX system. The platform is secure, with end-to-end encryption and HIPPA features included in all editions. AnyMeeting has Starter, Lite, and Pro options that vary in cost based on the number of members an organization has. However, until 2021, users can get Pro for free. 

  • Google Hangouts Meet

Classic Google Hangouts for G Suite customers was retired in October 2019, but Hangouts Meet was born. This business version of the regular Hangouts allows for video meetings for G Suite subscribers, but external participants are still able to connect. 

The number of participants on G Suite Basic is limited to 100, but it goes up to 150  for Business, and 250 for Enterprise. To livestream with up to 100,000 audience members and record/save meetings to Drive, users will need G Suite Enterprise. 

  • RingCentral

RingCentral offers an impressive free version, with up to 100 participants, unlimited one-on-one meetings, 40-minute group meetings, and desktop and application sharing. The next tier up is Meeting essentials for $14.99/month per user, which allows for unlimited group meetings and 1,000 Call Me minutes. Office Premium, from 34.99/month per user combines calling, messaging and meeting into one, facilitating team collaboration with unlimited video conferences and audio meetings. 

  • Zoho Meeting

Zoho Meetings features capabilities for webinars, training, and online meetings. The platform allows for audio, video, and screen sharing, as well as phone audio, recording, and calendar invites. Plans begin at $10/host per month for 100 participants and 10 recordings. For a webinar, plans start at $19/host per month for 25 attendees and go up to $79/host per month for 250 attendees and 25 recordings.