False Verkada HIPAA Compliance And Legal Risks Investigated

By Conor Healy, Published Mar 18, 2021, 09:49am EDT (Info+)

Verkada has repeatedly and falsely claimed to be certified HIPAA Compliant, with a HIPAA consultant telling IPVM Verkada's actions are a "HIPAA disaster" while Verkada refused to provide any explanation for its HIPAA compliant claims.

IPVM Image

Inside this note, from the fallout of the Verkada breach/hack, we examine:

  • What Verkada has claimed
  • Verkada's response to IPVM
  • What HIPAA consultant Abner Weintraub says about the hack and their compliance
  • What issues exist for Verkada and its HIPAA covered client

Verkada's ***** ******

******* ***** ******** ****** ****** ** HIPAA **********. *** *******'*"******* ********** ****" ************ **** *** '*********' ** ** HIPAA *********:

IPVM Image

*** *****"********** & ******** ***********" **************** ******** **** *************:

IPVM Image

*** ***** ** *********** **** ******* ********** ************ *******:

IPVM Image

*** ******* ********** ****** ********* ********, ***** ******** "***** ********* ********" from *******:

IPVM Image

***** * ******** ******** * **** ****** *** ******* hack/breach:

IPVM Image

**** ******** * ********* ********************** ***** ********* **** *******:

IPVM Image

******,*******'* *** ***** ******** ********** *********** "********* ****** ***** ******* ** be ********* **** *****":

**’** ********** ******* ***** ******* *** cyber ******** — ** ****, ****’* part ** *** **’** **** ** successful. *** *******, ****** **** ** an ******** ******* *** ** ******* we ***conscious ****** ***** ******* ** ** ********* **** *****. [emphasis added]

Verkada = ***** ******** *********

*******, ********** ***** ********* **** *******,**** **** **** ********** **** ********* that **** **** * ***** ******** associate *** **** ****** **** *****:

IPVM Image

No ***** ** ******* *** ******* ***** ********** ******

******* ****** ** ****** *****, *******, source, **********, *************, ** ***** ********** for *** ***** ********* ******. ********, we ********** ***** ******* *** **** evidence *** ***** ******* *** ******* a ******* ********, **** ******* ** address *** **** ** *****.

** ********, ********* **** *** ************* * ******* **** *** * data ****** ********** ***** *************** ***** HIPAA *********, *******:

*** ******* ******* *********** ********* ** by *********** **** * ********** ****** or ***** ***** *** ******** ******’* information ********* *** ********** **** *** HIPAA’s ************.

Violations ** *****

**** *******'* ***"******** ***** *********"********, *** *********** ***** ********** *** a ***** *** ** ****

*****, ******* ****** ******** *** "******* necessary ***********", ** ***** *****:

IPVM Image

*******, *******'****-******** ***** ***** ********, ** **********, ********** ***** ***** of '******* *********' ***********.

********, ***** ******* ********** *** **** to ****** **** ** *********** ****** to *** ***** *******, ** ************** has ******** ** ***** ****** ** its *** ********* ****** ** ******** systems *** ***** *****:

IPVM Image

*******, ******* ****** **** ********* "************* audit ****" ******* **** ** ** HIPAA *********:

IPVM Image

*******, ***** ******* *** **** ***** logs **********, *** ~*** ** ** employees **** ***** ***** ******** **** could *** ** ** ****'* ******** were *** ******** ****** *** ********* to *****.

"A ***** ********"

********* **** *** ******* **** ** "a ***** ********" **** *** "****** at *** ***** ** ***** ********, the **** ********, ** ***** ****** admin ********."

**'* ** ********** *** * ******* to ** ******** ****** ***** *** sophistication *** ************* ******* ** ** doing **** **** *** *** ******** their ******* ** *** *** **** they ***. *** **** ****** *** media ******* **** *** ***** ******** abuse ** ***** ** ***** *** systems ******* ***** *** *********. **'* just * *******. ****, * ******'* trust **** **** ** ******** ** this *****, ** *** *** *****. I ******'* ***** **** ********.

*** ********** **** ******* *** *** track ****** ********** ********** ** *** *******'* *** employees******* ********** **** **** ****** **** breach *** *******:

** * ****** **** ******** *** been ****, *** **** ** ******* cameras ** ******* ***** ********* ** a ***** ***** *** *** ******* been ***** *** ***** ***** *** cameras ** ****** ***** *** ********* - ** ***** *****, * **** of ******** ** *** ****** *** obvious, *** *** ** *** ***** freely, ****** ********* ** ****** *** looked - *** **** ** ******* those ******* ** ******* ***** ******** an ******** **** **** ****** **** been ********** ** *** ********** **** analysis.

***********, ** **** "******* *** ************** ******* ******* **** ** ********, and ***** ** ****** ** ** penalized -- ********** ** *******."

**'* *** **** ******* **** ***** face ************, *** ***** ********* ** well. ********* ** *********, "** **** was ******** **********, ********* ** *** letter ** *** ***, ** ***** represent ******** ** ******* ** *****. And ***** **** **** ***** * few ************ ****** ********* ****** [*** HIPAA **********]."

Legal **** ** *******

***** *******'* ***** ********** *** ** substantial, *** *********** ** ***** ********* will ***** ** *** ******* **********'* current *********** ******. *** ****** ** Civil ****** (***) ** *** ********** of ****** *** ***** ******** ** responsible *** ****** ******* ***** *********; according ** *********, *** *********** *** been "**** *****" ** ****** *****.

*******, *** ***** ** ******* **** can ***** *****-******* ******* ** ***** has ******** ** ****** ***** ***. Not **** *** ***** ******** **** as *** *** ***** ******* *** HIPAA **********, *****-***** ********* ******* *** as ****.

Response **** *******

******* ******** * ******* ******** ** IPVM ***** ********* *********:

*** ************* ** *******. ** ******** our ********* ** *** ******** ******** and *** ******* **** ******** ********* to ********* ****, ** ***, ********* health *********** *** **** **** ******* in **** ******.

******* ******* ** ******* *** ** justified ** ***** *** ***** ********* marketing ******.

Comments (12)

*****, **** ****!

**** ** ** ********* ************* ** the"**** ** ****" ***** ** *******. **** **, **** *** ******** it ***** ** *** *** ****, even ** **** ** ******* ******** to ** ********* *** ***** ********** while ****** ****** ** ***** ********* access ** ***** *******.

Agree: 11
Disagree
Informative: 1
Unhelpful
Funny

***** ** *** ******* ** *** security ***** * **** **** *** most ******* **** ** *** ***** article:

** * ****** **** ******** *** been ****, *** **** ** ******* cameras ********* ***** ********* ** * third ***** *** *** ******* **** noted *** ***** ***** *** ******* to ****** ***** *** ********* - in ***** *****, * **** ** controls ** *** ****** *** *******, and *** ** *** ***** ******, freely ********* ** ****** *** ****** - *** **** ** ******* ***** cameras ********* ***** ******** ** ******** risk **** ****** **** **** ********** in *** ********** **** ********.

** ******** *************, ** **** ****** our *********, *********, *** ***** ** supporting ********* **** *******. ** ** up ** ** ** ************* ** make ******* ******* *** ****** ********** power ** ********* *** ****** ** move **** **.

Agree: 10
Disagree
Informative: 4
Unhelpful
Funny: 1

** ******** *************, ** **** ******

**'* * **** ***** *** * agree ****'* ** ***** **** ****** who ***** ** ************** ******** **** are **** "**** **** ******* ****** harassment ** ***** *** ********* ***** media ******** ****** *** ******* *** they **** **** ** **** *** sorry *** ** ***'* ****** *****. So ****** **** ** **".

Agree: 6
Disagree
Informative
Unhelpful
Funny: 2

**** ** **** *** **** **.

Agree
Disagree
Informative
Unhelpful
Funny: 4

**********: **** **** ** ** ***** a ****** ***

**** **** * ****** ***** **** not ******* ******** ** ***** *********. Even *** ***** ************** *** ****** (e.g. ***********) **** *** ******* ** endorsed ** *****. ***** ********* ** one *****, ********* ** *******.

Agree: 4
Disagree
Informative: 1
Unhelpful
Funny

*** ******** ***** **** ** ***** correct, ***** ** ** ******** ***** certification. ***** *** *****-******* **** **** review * ******* *** ********** *** provide ***** *** ********** ************* *** customers. *** **** ** ***** ** be "*********" ** ***** ********* ** a *****-***** ** *********. *** ** far ** ** **** (** ***** Verkada, **** ****'* ******), ******* ** not ********* ** * *****-***** ****.

Agree: 1
Disagree
Informative: 5
Unhelpful
Funny

**** **** *'** ****, * *****. There's ** **** ***** ** ***** certification. ****** **** *** ** **.

*'* ** ***** ****** *** *** certain ** *** ******** ******** ** this ****** *** *** ******* **** -***** ****** *** *********: *******, ********, and ****** ************ *****- ******** **** ****** *** ***** compliance.

******* ****, **** ***** *** ***** to ******* ** ****** *** ***********(*) that ******** ******* ** *** "******** associate," (*******) ******.

Agree: 2
Disagree
Informative
Unhelpful
Funny

** ** * ********** ** *** actual ********** ******** ** *********** *** maintaining ***** ********** *** ** ** that ******** *** *** ** **** liable *** ******* ** ******. ******** these ******* **** ******* **** ****** is * ********* *** *** ******** and ******* ** ** **** *** cameras *** ** ***** (** **** as *** *** ***** ******* ******** and ******** ** *** *****.)

Agree: 2
Disagree
Informative
Unhelpful
Funny

*** ********/******* ************ *** **'* ********* are ** ****** ********** *********** ** protect *** **** ** ***** ******** in ********** **** *** ********** *** compliance ************, ********* *********** *** ***** by *****.

**** ******** *******, *** ******* *** user ********* ******* *** ****** ** not **** ******* ***** ********** ************, but ** **** *** ******* ******* them.

**** ** * ****** *** *** claim ***** **********, *** ********** *********** would ** **** ** ****** ** not ***** ** ********* ******* *** general ******* ** ** ************* ******* data. ******* ** ***** **** *** expect **** ****** ** ********* ********* Federal ******* **** *** ******* *** privacy ** *** "*********"!

******* ********* *** ********* ** *** end ***** ******** ********* *******, *** privacy ** ***** *********, *** ***** customers ** ******* **** ******* ***. But *** **** ****, **** **** improperly ******* **** *** ******** *** services **** ******* ********* ***** ** a *** ********** ** ***** *******. The ***** ** ****** ** *** of ***** **** ***** *** ***** mess ************ ** ** *******.

Agree: 3
Disagree
Informative
Unhelpful
Funny

******: ******* *** ******* ********* *** HIPAA '*************'* ******, *.*.:

*** *******'*"********** & ******** ***********" ***************** ****** ***** ** * ******** that "******* ******* *** ********* *******":

IPVM Image

*** **** *** ****** ****** **** Verkada ** ********* **** ***** *********, but ***** *** ******* ** *************:

IPVM Image

Agree
Disagree
Informative: 3
Unhelpful
Funny

****'* ****** ** *** **** *** compliant ******* **** ** *** ********* ... ********* ** *** *****. ***, when ***** ***** *** *** *** this...

Agree
Disagree
Informative
Unhelpful
Funny: 1

******* ** **** ** ********* ***** compliance ** **** ******** **:

IPVM Image

Agree
Disagree
Informative: 2
Unhelpful
Funny: 1
Login to read this IPVM report.
Why do I need to log in?
IPVM conducts reporting, tutorials and software funded by subscriber's payments enabling us to offer the most independent, accurate and in-depth information.
Loading Related Reports