A hacktivist group gained access to Verkada’s network, exposing weaknesses in the company’s security practices. Details of the Verkada breach are discussed below.
Verkada Breach Exposes Video Surveillance of Healthcare Facilities
On March 9, 2021, Verkada began notifying customers that it had experienced a breach affecting surveillance data.
A hacktivist group used super admin login credentials that they found publicly posted online to gain access to Verkada’s network. It is likely that these login credentials were exposed in a previous breach, and the failure to reset passwords ultimately led to the most recent Verkada breach.
“We have identified the attack vector used in this incident, and we are confident that all customer systems were secured as of approximately noon PST on March 9, 2021. If you are a Verkada customer, no action is required on your part,” the company said.
Upon gaining access to the network during the breach, the hackers were able to view live video from 150,000 security cameras, including those in private homes, hospital ICUs, prison cells, interrogation rooms, gyms, and elementary schools. They were also able to access the surveillance video of Nissan, Tesla, and Cloudflare.
In addition to having access to live video feeds, the hackers were also able to access video archives. They provided proof that they had the video archives by sharing some of the videos with Bloomberg, including a video from a Florida hospital showing both patients and staff members. This should be of concern for healthcare organizations, as video footage of patients is considered protected health information (PHI) under HIPAA. As such, there is likely to be an investigation by the Department of Health and Human Services’ Office for Civil Rights to determine whether or not Verkada, a business associate, violated the regulation.
Although internal investigations are still underway, it appears that clients’ names and email addresses were also compromised in the incident. The company added, “We can also confirm that the attackers gained access to a tool that allowed the execution of shell commands on a subset of customer cameras; however, we have no evidence at this time that this access was used maliciously against our customers’ networks. All shell commands issued through our internal tool were logged.”