False Verkada HIPAA Compliance And Legal Risks Investigated

By Conor Healy, Published Mar 18, 2021, 09:49am EDT

Verkada has repeatedly and falsely claimed to be certified HIPAA compliant. A HIPAA consultant told IPVM that Verkada's actions are a "HIPAA disaster", while Verkada refused to provide any explanation for its HIPAA compliance claims.

Inside this note, from the fallout of the Verkada breach/hack, we examine:

  • What Verkada has claimed
  • Verkada's response to IPVM
  • What HIPAA consultant Abner Weintraub says about the hack and their compliance
  • What issues exist for Verkada and its HIPAA-covered client

Verkada's ***** ******

******* ***** ******** ****** claims ** ***** **********. The *******'*"******* ********** ****" ************ **** *** '*********' to ** ***** *********:

*** *****"********** & ******** ***********" section********* ******** **** *************:

*** ***** ** *********** made ******* ********** ************ *******:

*** ******* ********** ****** ********* brochure, ***** ******** "***** Compliant ********" **** *******:

***** * ******** ******** * **** ****** the ******* ****/******:

**** ******** * ********* ********************** ***** ********* **** Verkada:

******,*******'* *** ***** ******** ironically *********** "********* ****** ***** privacy ** ** ********* with *****":

**’** ********** ******* ***** privacy *** ***** ******** ** ****, ****’* part ** *** **’** been ** **********. *** example, ****** **** ** an ******** ******* *** us ******* ** ***conscious ****** ***** ******* ** ** ********* **** *****. [emphasis added]

Verkada = ***** ******** *********

*******, ********** ***** ********* **** Verkada,**** **** **** ********** with ********* **** **** them * ***** ******** associate *** **** ****** with *****:

No ***** ** ******* *** ******* ***** ********** ******

******* ****** ** ****** proof, *******, ******, **********, certification, ** ***** ********** for *** ***** ********* claims. ********, ** ********** asked ******* *** **** evidence *** ***** ******* did ******* * ******* response, **** ******* ** address *** **** ** proof.

** ********, ********* **** *** ************* * ******* **** had * **** ****** complained ***** *************** ***** HIPAA *********, *******:

*** ******* ******* *********** expressly ** ** *********** that * ********** ****** or ***** ***** *** reviewed ******’* *********** ********* and ********** **** *** HIPAA’s ************.

Violations ** *****

**** *******'* ***"******** ***** *********"********, *** *********** ***** violations *** * ***** one ** ****

*****, ******* ****** ******** for "******* ********* ***********", as ***** *****:

*******, *******'****-******** ***** ***** ********, ** **********, ********** their ***** ** '******* necessary' ***********.

********, ***** ******* ********** the **** ** ****** risk ** *********** ****** to *** ***** *******, it ************** *** ******** to ***** ****** ** its *** ********* ****** to ******** ******* *** video *****:

*******, ******* ****** **** featuring "************* ***** ****" enables **** ** ** HIPAA *********:

*******, ***** ******* *** have ***** **** **********, the ~*** ** ** employees **** ***** ***** accounts **** ***** *** in ** ****'* ******** were *** ******** ****** and ********* ** *****.

"A ***** ********"

********* **** *** ******* hack ** "* ***** disaster" **** *** "****** at *** ***** ** using ********, *** **** password, ** ***** ****** admin ********."

**'* ** ********** *** a ******* ** ** claiming ****** ***** *** sophistication *** ************* ******* to ** ***** **** they *** *** ******** their ******* ** *** way **** **** ***. And **** ****** *** media ******* **** *** about ******** ***** ** their ** ***** *** systems ******* ***** *** employees. **'* **** * debacle. ****, * ******'* trust **** **** ** hospital ** **** *****, to *** *** *****. I ******'* ***** **** anywhere.

*** ********** **** ******* out *** ***** ****** with****** ********** ** *** company's *** **************** ********** **** **** before **** ****** *** exposed:

** * ****** **** analysis *** **** ****, the **** ** ******* cameras ** ******* ***** monitored ** * ***** party *** *** ******* been ***** *** ***** their *** ******* ** harass ***** *** ********* - ** ***** *****, a **** ** ******** at *** ****** *** obvious, *** *** ** the ***** ******, ****** available ** ****** *** looked - *** **** of ******* ***** ******* in ******* ***** ******** an ******** **** **** should **** **** ********** in *** ********** **** analysis.

***********, ** **** "******* has ************** ******* ******* **** as ********, *** ***** be ****** ** ** penalized -- ********** ** civilly."

**'* *** **** ******* that ***** **** ************, but ***** ********* ** well. ********* ** *********, "if **** *** ******** rigorously, ********* ** *** letter ** *** ***, it ***** ********* ******** of ******* ** *****. And ***** **** **** quite * *** ************ dollar ********* ****** [*** HIPAA **********]."

Legal **** ** *******

***** *******'* ***** ********** may ** ***********, *** possibility ** ***** ********* will ***** ** *** Federal **********'* ******* *********** stance. *** ****** ** Civil ****** (***) ** the ********** ** ****** and ***** ******** ** responsible *** ****** ******* HIPAA *********; ********* ** Weintraub, *** *********** *** been "**** *****" ** recent *****.

*******, *** ***** ** players **** *** ***** HIPAA-related ******* ** ***** has ******** ** ****** years ***. *** **** can ***** ******** **** as *** *** ***** charges *** ***** **********, state-level ********* ******* *** as ****.

Response **** *******

******* ******** * ******* response ** **** ***** notifying *********:

*** ************* ** *******. We ******** *** ********* of *** ******** ******** and *** ******* **** affected ********* ** ********* what, ** ***, ********* health *********** *** **** been ******* ** **** attack.

******* ******* ** ******* how ** ********* ** based *** ***** ********* marketing ******.

Comments (12)

*****, **** ****!

**** ** ** ********* manifestation ** ***"**** ** ****" ***** at *******. **** **, **** say ******** ** ***** to *** *** ****, even ** **** ** falsely ******** ** ** certified *** ***** ********** while ****** ****** ** their ********* ****** ** those *******.

Agree: 11 | Informative: 1

***** ** *** ******* in *** ******** ***** I **** **** *** most ******* **** ** the ***** *******:

** * ****** **** analysis *** **** ****, the **** ** ******* cameras ********* ***** ********* by * ***** ***** who *** ******* **** noted *** ***** ***** own ******* ** ****** their *** ********* - in ***** *****, * lack ** ******** ** the ****** *** *******, and *** ** *** media ******, ****** ********* to ****** *** ****** - *** **** ** putting ***** ******* ********* rooms ******** ** ******** risk **** ****** **** been ********** ** *** reasonable **** ********.

** ******** *************, ** have ****** *** *********, community, *** ***** ** supporting ********* **** *******. It ** ** ** us ** ************* ** make ******* ******* *** shared ********** ***** ** influence *** ****** ** move **** **.

Agree: 10 | Informative: 4 | Funny: 1

** ******** *************, ** have ******

**'* * **** ***** and * ***** ****'* it ***** **** ****** who ***** ** ************** mitigate **** *** **** "Yeah **** ******* ****** harassment ** ***** *** employees ***** ***** ******** became *** ******* *** they **** **** ** they *** ***** *** it ***'* ****** *****. So ****** **** ** me".

Agree: 6 | Funny: 2

**** ** **** *** make **.

Funny: 4

**********: **** **** ** at ***** * ****** old

**** **** * ****** HIPAA **** *** ******* products ** ***** *********. Even *** ***** ************** for ****** (*.*. ***********) were *** ******* ** endorsed ** *****. ***** compliant ** *** *****, certified ** *******.

Agree: 4 | Informative: 1

*** ******** ***** **** is ***** *******, ***** is ** ******** ***** certification. ***** *** *****-******* that **** ****** * company *** ********** *** provide ***** *** ********** certification *** *********. *** much ** ***** ** be "*********" ** ***** compliant ** * *****-***** is *********. *** ** far ** ** **** (we ***** *******, **** didn't ******), ******* ** not ********* ** * third-party ****.

Agree: 1 | Informative: 5

**** **** *'** ****, I *****. *****'* ** such ***** ** ***** certification. ****** **** *** is **.

*'* ** ***** ****** and *** ******* ** the ******** ******** ** this ****** *** *** summary **** -***** ****** *** *********: Privacy, ********, *** ****** Notification *****- ******** **** ****** for ***** **********.

******* ****, **** ***** are ***** ** ******* at ****** *** ***********(*) that ******** ******* ** the "******** *********," (*******) itself.

Agree: 2

** ** * ********** it *** ****** ********** provider ** *********** *** maintaining ***** ********** *** it ** **** ******** who *** ** **** liable *** ******* ** comply. ******** ***** ******* into ******* **** ****** is * ********* *** the ******** *** ******* so ** **** *** cameras *** ** ***** (as **** ** *** any ***** ******* ******** and ******** ** *** cloud.)

Agree: 2

*** ********/******* ************ *** it's ********* *** ** course ********** *********** ** protect *** **** ** their ******** ** ********** with *** ********** *** compliance ************, ********* *********** set ***** ** *****.

**** ******** *******, *** medical *** **** ********* expects *** ****** ** not **** ******* ***** compliance ************, *** ** also *** ******* ******* them.

**** ** * ****** did *** ***** ***** compliance, *** ********** *********** would ** **** ** vendor ** *** ***** to ********* ******* *** general ******* ** ** organizations ******* ****. ******* we ***** **** *** expect **** ****** ** blatantly ********* ******* ******* laws *** ******* *** privacy ** *** "*********"!

******* ********* *** ********* of *** *** ***** expected ********* *******, *** privacy ** ***** *********, and ***** ********* ** exactly **** ******* ***. But *** **** ****, they **** ********** ******* that *** ******** *** services **** ******* ********* which ** * *** regardless ** ***** *******. The ***** ** ****** on *** ** ***** lies ***** *** ***** mess ************ ** ** opinion.

Agree: 3

******: ******* *** ******* retracted *** ***** '*************'* claims, *.*.:

*** *******'*"********** & ******** ***********" section********** ****** ***** ** a ******** **** "******* devices *** ********* *******":

*** **** *** ****** states **** ******* ** compliant **** ***** *********, but ***** *** ******* of *************:

Informative: 3

****'* ****** ** *** they *** ********* ******* some ** *** ********* ... ********* ** *** world. ***, **** ***** about *** *** *** this...

Funny: 1

******* ** **** ** marketing ***** ********** ** this ******** **:

Informative: 2 | Funny: 1