In the Courts, Cameras, and Exchange episode of the Help me with HIPAA podcast, Donna and David once again talk about how easy it is for us to be exposed. And I don’t mean your fly being down, although they do mention that in this episode. So back in 2019, Donna and David talked about cameras in the podcast episode Smile You Are On Camera. Way back then, they discussed the importance of segmenting cameras on your network so that someone can’t just drop in to see what’s going on within your company, how you need to think about where your cameras are located and what PHI may be exposed to the cameras.
In this recent episode, Courts, Cameras, and Exchange, Donna and David talk about a cloud based camera company called Verkadas. Verkadas is a fast-growing cloud surveillance camera company that left over 150,000 cameras exposed on the internet. These cameras are located in schools, local government buildings, hospitals and many other places. Hackers found hard coded backdoor credentials to these cameras exposed publicly on the internet. This is just another example of how every device needs to be secured, how network segmentation is a good idea and why your IT team needs to be aware of every piece of equipment that comes into your office.
As for these security cameras, you should document how the cameras are secured, where the video feed is stored, who is in charge of storing and backing up the feed, etc. Also, if you have a third party providing any of these camera services, have you vetted them? Most small businesses think that if they hire a large company they must have great security in place, but that is not always the case. Some of Verkada’s customers are big names, like The Salvation Army, Fastenal, Sunkist, just to name a few. You may think that if The Salvation Army can trust Verkadas with their data then surely a small practice will be secured. But obviously this is not always the case. It is in our best interest to have a policy to vet all vendors no matter how small or big.