False Verkada HIPAA Compliance And Legal Risks Investigated

By Conor Healy, Published Mar 18, 2021, 09:49am EDT (Info+)

Verkada has repeatedly and falsely claimed to be certified HIPAA Compliant, with a HIPAA consultant telling IPVM Verkada's actions are a "HIPAA disaster" while Verkada refused to provide any explanation for its HIPAA compliant claims.

IPVM Image

Inside this note, from the fallout of the Verkada breach/hack, we examine:

What Verkada has claimed
Verkada's response to IPVM
What HIPAA consultant Abner Weintraub says about the hack and their compliance
What issues exist for Verkada and its HIPAA covered client

Verkada's ***** ******

******* ***** ******** ****** ****** ** HIPAA **********. *** *******'*"******* ********** ****" ************ **** *** '*********' ** ** HIPAA *********:

IPVM Image

*** *****"********** & ******** ***********" **************** ******** **** *************:

IPVM Image

*** ***** ** *********** **** ******* ********** ************ *******:

IPVM Image

*** ******* ********** ****** ********* ********, ***** ******** "***** ********* ********" from *******:

IPVM Image

***** * ******** ******** * **** ****** *** ******* hack/breach:

IPVM Image

**** ******** * ********* ********************** ***** ********* **** *******:

IPVM Image

******,*******'* *** ***** ******** ********** *********** "********* ****** ***** ******* ** be ********* **** *****":

**’** ********** ******* ***** ******* *** cyber ******** — ** ****, ****’* part ** *** **’** **** ** successful. *** *******, ****** **** ** an ******** ******* *** ** ******* we ***conscious ****** ***** ******* ** ** ********* **** *****. [emphasis added]

Verkada = ***** ******** *********

*******, ********** ***** ********* **** *******,**** **** **** ********** **** ********* that **** **** * ***** ******** associate *** **** ****** **** *****:

IPVM Image

No ***** ** ******* *** ******* ***** ********** ******

******* ****** ** ****** *****, *******, source, **********, *************, ** ***** ********** for *** ***** ********* ******. ********, we ********** ***** ******* *** **** evidence *** ***** ******* *** ******* a ******* ********, **** ******* ** address *** **** ** *****.

** ********, ********* **** *** ************* * ******* **** *** * data ****** ********** ***** *************** ***** HIPAA *********, *******:

*** ******* ******* *********** ********* ** by *********** **** * ********** ****** or ***** ***** *** ******** ******’* information ********* *** ********** **** *** HIPAA’s ************.

Violations ** *****

**** *******'* ***"******** ***** *********"********, *** *********** ***** ********** *** a ***** *** ** ****

*****, ******* ****** ******** *** "******* necessary ***********", ** ***** *****:

IPVM Image

*******, *******'****-******** ***** ***** ********, ** **********, ********** ***** ***** of '******* *********' ***********.

********, ***** ******* ********** *** **** to ****** **** ** *********** ****** to *** ***** *******, ** ************** has ******** ** ***** ****** ** its *** ********* ****** ** ******** systems *** ***** *****:

IPVM Image

*******, ******* ****** **** ********* "************* audit ****" ******* **** ** ** HIPAA *********:

IPVM Image

*******, ***** ******* *** **** ***** logs **********, *** ~*** ** ** employees **** ***** ***** ******** **** could *** ** ** ****'* ******** were *** ******** ****** *** ********* to *****.

"A ***** ********"

********* **** *** ******* **** ** "a ***** ********" **** *** "****** at *** ***** ** ***** ********, the **** ********, ** ***** ****** admin ********."

**'* ** ********** *** * ******* to ** ******** ****** ***** *** sophistication *** ************* ******* ** ** doing **** **** *** *** ******** their ******* ** *** *** **** they ***. *** **** ****** *** media ******* **** *** ***** ******** abuse ** ***** ** ***** *** systems ******* ***** *** *********. **'* just * *******. ****, * ******'* trust **** **** ** ******** ** this *****, ** *** *** *****. I ******'* ***** **** ********.

*** ********** **** ******* *** *** track ****** ********** ********** ** *** *******'* *** employees******* ********** **** **** ****** **** breach *** *******:

** * ****** **** ******** *** been ****, *** **** ** ******* cameras ** ******* ***** ********* ** a ***** ***** *** *** ******* been ***** *** ***** ***** *** cameras ** ****** ***** *** ********* - ** ***** *****, * **** of ******** ** *** ****** *** obvious, *** *** ** *** ***** freely, ****** ********* ** ****** *** looked - *** **** ** ******* those ******* ** ******* ***** ******** an ******** **** **** ****** **** been ********** ** *** ********** **** analysis.

***********, ** **** "******* *** ************** ******* ******* **** ** ********, and ***** ** ****** ** ** penalized -- ********** ** *******."

**'* *** **** ******* **** ***** face ************, *** ***** ********* ** well. ********* ** *********, "** **** was ******** **********, ********* ** *** letter ** *** ***, ** ***** represent ******** ** ******* ** *****. And ***** **** **** ***** * few ************ ****** ********* ****** [*** HIPAA **********]."

Legal **** ** *******

***** *******'* ***** ********** *** ** substantial, *** *********** ** ***** ********* will ***** ** *** ******* **********'* current *********** ******. *** ****** ** Civil ****** (***) ** *** ********** of ****** *** ***** ******** ** responsible *** ****** ******* ***** *********; according ** *********, *** *********** *** been "**** *****" ** ****** *****.

*******, *** ***** ** ******* **** can ***** *****-******* ******* ** ***** has ******** ** ****** ***** ***. Not **** *** ***** ******** **** as *** *** ***** ******* *** HIPAA **********, *****-***** ********* ******* *** as ****.

Response **** *******

******* ******** * ******* ******** ** IPVM ***** ********* *********:

*** ************* ** *******. ** ******** our ********* ** *** ******** ******** and *** ******* **** ******** ********* to ********* ****, ** ***, ********* health *********** *** **** **** ******* in **** ******.

******* ******* ** ******* *** ** justified ** ***** *** ***** ********* marketing ******.

Comments (12)

John Honovich

IPVM | 03/18/21 01:51pm

*****, **** ****!

**** ** ** ********* ************* ** the"**** ** ****" ***** ** *******. **** **, **** *** ******** it ***** ** *** *** ****, even ** **** ** ******* ******** to ** ********* *** ***** ********** while ****** ****** ** ***** ********* access ** ***** *******.

Agree: 11

Disagree

Informative: 1

Unhelpful

Funny

Undisclosed #1

03/18/21 02:58pm

***** ** *** ******* ** *** security ***** * **** **** *** most ******* **** ** *** ***** article:

** * ****** **** ******** *** been ****, *** **** ** ******* cameras ********* ***** ********* ** * third ***** *** *** ******* **** noted *** ***** ***** *** ******* to ****** ***** *** ********* - in ***** *****, * **** ** controls ** *** ****** *** *******, and *** ** *** ***** ******, freely ********* ** ****** *** ****** - *** **** ** ******* ***** cameras ********* ***** ******** ** ******** risk **** ****** **** **** ********** in *** ********** **** ********.

** ******** *************, ** **** ****** our *********, *********, *** ***** ** supporting ********* **** *******. ** ** up ** ** ** ************* ** make ******* ******* *** ****** ********** power ** ********* *** ****** ** move **** **.

Agree: 10

Disagree

Informative: 4

Unhelpful

Funny: 1

John Honovich

IPVM | In reply to Undisclosed #1 | 03/18/21 03:16pm

** ******** *************, ** **** ******

**'* * **** ***** *** * agree ****'* ** ***** **** ****** who ***** ** ************** ******** **** are **** "**** **** ******* ****** harassment ** ***** *** ********* ***** media ******** ****** *** ******* *** they **** **** ** **** *** sorry *** ** ***'* ****** *****. So ****** **** ** **".

Agree: 6

Disagree

Informative

Unhelpful

Funny: 2

Undisclosed #2

03/18/21 03:42pm

**** ** **** *** **** **.

Agree

Disagree

Informative

Unhelpful

Funny: 4

Undisclosed Integrator #3

03/18/21 05:00pm

**********: **** **** ** ** ***** a ****** ***

**** **** * ****** ***** **** not ******* ******** ** ***** *********. Even *** ***** ************** *** ****** (e.g. ***********) **** *** ******* ** endorsed ** *****. ***** ********* ** one *****, ********* ** *******.

Agree: 4

Disagree

Informative: 1

Unhelpful

Funny

Conor Healy

IPVMU Certified | In reply to Undisclosed Integrator #3 | 03/18/21 05:24pm

*** ******** ***** **** ** ***** correct, ***** ** ** ******** ***** certification. ***** *** *****-******* **** **** review * ******* *** ********** *** provide ***** *** ********** ************* *** customers. *** **** ** ***** ** be "*********" ** ***** ********* ** a *****-***** ** *********. *** ** far ** ** **** (** ***** Verkada, **** ****'* ******), ******* ** not ********* ** * *****-***** ****.

Agree: 1

Disagree

Informative: 5

Unhelpful

Funny

Undisclosed Manufacturer #4

In reply to Undisclosed Integrator #3 | 03/18/21 05:33pm

**** **** *'** ****, * *****. There's ** **** ***** ** ***** certification. ****** **** *** ** **.

*'* ** ***** ****** *** *** certain ** *** ******** ******** ** this ****** *** *** ******* **** -***** ****** *** *********: *******, ********, and ****** ************ *****- ******** **** ****** *** ***** compliance.

******* ****, **** ***** *** ***** to ******* ** ****** *** ***********(*) that ******** ******* ** *** "******** associate," (*******) ******.

Agree: 2

Disagree

Informative

Unhelpful

Funny

Undisclosed End User #5

In reply to Undisclosed Manufacturer #4 | 03/18/21 06:35pm

** ** * ********** ** *** actual ********** ******** ** *********** *** maintaining ***** ********** *** ** ** that ******** *** *** ** **** liable *** ******* ** ******. ******** these ******* **** ******* **** ****** is * ********* *** *** ******** and ******* ** ** **** *** cameras *** ** ***** (** **** as *** *** ***** ******* ******** and ******** ** *** *****.)

Agree: 2

Disagree

Informative

Unhelpful

Funny

Undisclosed Manufacturer #6

In reply to Undisclosed End User #5 | 03/19/21 07:32pm

*** ********/******* ************ *** **'* ********* are ** ****** ********** *********** ** protect *** **** ** ***** ******** in ********** **** *** ********** *** compliance ************, ********* *********** *** ***** by *****.

**** ******** *******, *** ******* *** user ********* ******* *** ****** ** not **** ******* ***** ********** ************, but ** **** *** ******* ******* them.

**** ** * ****** *** *** claim ***** **********, *** ********** *********** would ** **** ** ****** ** not ***** ** ********* ******* *** general ******* ** ** ************* ******* data. ******* ** ***** **** *** expect **** ****** ** ********* ********* Federal ******* **** *** ******* *** privacy ** *** "*********"!

******* ********* *** ********* ** *** end ***** ******** ********* *******, *** privacy ** ***** *********, *** ***** customers ** ******* **** ******* ***. But *** **** ****, **** **** improperly ******* **** *** ******** *** services **** ******* ********* ***** ** a *** ********** ** ***** *******. The ***** ** ****** ** *** of ***** **** ***** *** ***** mess ************ ** ** *******.

Agree: 3

Disagree

Informative

Unhelpful

Funny

John Honovich

IPVM | 04/16/21 12:49pm

******: ******* *** ******* ********* *** HIPAA '*************'* ******, *.*.:

*** *******'*"********** & ******** ***********" ***************** ****** ***** ** * ******** that "******* ******* *** ********* *******":

IPVM Image

*** **** *** ****** ****** **** Verkada ** ********* **** ***** *********, but ***** *** ******* ** *************:

Agree

Disagree

Informative: 3

Unhelpful

Funny

Undisclosed Manufacturer #7

04/16/21 01:27pm

****'* ****** ** *** **** *** compliant ******* **** ** *** ********* ... ********* ** *** *****. ***, when ***** ***** *** *** *** this...

Agree

Disagree

Informative

Unhelpful

Funny: 1

John Honovich

IPVM | 05/17/21 12:03am

******* ** **** ** ********* ***** compliance ** **** ******** **:

IPVM Image

Agree

Disagree

Informative: 2

Unhelpful

Funny: 1

Login to read this IPVM report.

Why do I need to log in?

IPVM conducts reporting, tutorials and software funded by subscriber's payments enabling us to offer the most independent, accurate and in-depth information.

False Verkada HIPAA Compliance And Legal Risks Investigated

Comments (12)

John Honovich

Undisclosed #1

John Honovich

Undisclosed #2

Undisclosed Integrator #3

Conor Healy

Undisclosed Manufacturer #4

Undisclosed End User #5

Undisclosed Manufacturer #6

John Honovich

Undisclosed Manufacturer #7

John Honovich

Login to read this IPVM report.

Subscriber Login

Loading Related Reports

Login to view the video.