Protect Your Patients & Practice From Telehealth Zoombombing | AdvancedMD

Features Navigation

Live Chat (800) 825-0224 Live Demo

← Back

Protect your Patients & Practice from Telehealth Zoombombing

Telemedicine

Security & Privacy Concerns with Zoom Platform

AdvancedMD and our telehealth partner, Zoom, are equally committed to the security and privacy of the patient-provider relationship and associated information. Over the past few days there have been reports in the media about security and privacy vulnerabilities in Zoom. Our security and R&D teams have been following this issue closely and continue to track news on this issue. It’s our commitment to provide updates on fixes and preventative measures as they become available.

Below you will find information regarding concerns currently in the media, an update AdvancedMD previously made to address concerns, and what you can do to help keep your telehealth visits secure.

Read more about information specifically addressing Zoom’s efforts to address privacy and security vulnerabilities.

What are the security and privacy concerns with Zoom?

There are two major issues that have been broadly reported. Zoombombing is the term for crashing into a Zoom meeting. There are two ways this vulnerability can impact our customers:

  • A malicious actor could happen to identify an ID for an ongoing telehealth call, and then join the call directly or share the meeting ID with a large group of people who could then Zoombomb the call.
  • An innocent person could inadvertently transpose numbers in their own meeting ID and accidentally join a telehealth call.

These options are highly unlikely for the type of Zoom meetings used within AdvancedMD telehealth as each meeting is created with a new and random meeting ID.

To further protect your telehealth visits, yesterday AdvancedMD updated all telehealth sessions so a chime rings any time anyone enters and exits the session. This is now a default setting. This setting should be left selected by the provider.

What further efforts should you do?

  • Providers should lock telemedicine meetings. To lock a meeting, go to Manage Attendees > More > Lock Meeting after the Zoom meeting launches, and all participants have entered the meeting.
  • Providers and patients should download the latest version of Zoom which will apply and enable this security fix. Zoom users are prompted after each meeting to update the Zoom client if a new version is available.
    Please note: On April 1, 2020 it was reported in news media that once a hacker joins a Zoom meeting, the hacker can use a specially-crafted link to steal users’ Windows credentials. This vulnerability was patched on April 1 and is no longer an issue.
  • Require providers to admit attendees (automatic security enhancement). To enhance security in our telehealth feature, we have enabled a new setting in Zoom called Waiting Room. This change requires the provider to admit all attendees to the call. The admit process is simple and can be done directly after starting the visit session. If needed, the provider can also remove attendees. This increases security and privacy against malicious Zoombombing attacks. Prior to this enhancement, anyone in the telemedicine waiting room could automatically join the meeting.



Topic: Telemedicine


Other Resources Related to This Topic


Telemedicine

Telehealth Demo

Our revolutionary new telemedicine (telehealth) feature is seamlessly unified within our EHR, practice management, and...

Patient Experience

2-Minute Survey Telemedicine Post-pandemic Trend

  We recently reached out to our customers and a select group of prospective customers...

Telemedicine

Road Rally Through Your Telehealth Track: How Does Your Practice Stack Up?

What do road rallies, patient perception and telemedicine all have in common? Download this free...

“The money I have invested in AdvancedMD is miniscule compared to the return. I have never been more efficient – ever – in my professional life as I am now.”

Jed Shay, MD
The Pain Care Center

Read the story  ›

“[Our] patients are very well-educated and well-informed, and they want to see results quickly. The practice has to run extremely efficiently and be accessible to them. The nice thing about [AdvancedMD] is it has allowed me to be more efficient both in and out of the office. Now I don’t have to come back into the office, which is great for my family and everything else. It saves me a lot of time – probably an hour a day on the three days I work in the second office.”

Keith Berkowitz, MD
Center for Balanced Health

Read the story  ›

“The best thing I ever did in private practice was getting AdvancedMD—it has liberated me.”

Estaban Lavato, MD
La Loma Medical Center

“Having integrated practice management and EHR is absolutely wonderful, you don’t have to flip back and forth between systems—all of your information is at hand when needed.”

Raju Raval, MD

Read the story  ›