Zoom, the group meeting software used for UM classes, clinics and meetings, is raising security concerns, according to UM’s chief information officer.
UM has relied on Zoom for remote classes during the COVID-19 pandemic. CIO Renae Scott said she sent the April 8 email in response to concerns from faculty and articles about security issues, as well as Zoombombing — when trolls disrupt meetings with graphic content.
The number of daily users on Zoom grew to more than 200 million last month compared to the former maximum total of 10 million, according to Reuters. As the service has experienced increased use in schools at all levels, it has received numerous reports of intruders disrupting classes and meetings, the Washington Post reported. Some school districts have banned the service, including the New York City Department of Education. Scott said she had not heard of any cases of Zoombombing at UM.
UM has subscribed to Zoom’s enterprise version for at least three years, which has several features the free version doesn’t, according to Scott. These include encrypting the data transmitted, giving users the option to record meetings and requiring participants to sign in with their Net ID.
Scott recommends hosts use passwords for meetings, share links sparingly and use the virtual waiting room feature, where participants must wait for the host’s permission to join a meeting. The FBI’s Boston office additionally recommends restricting screen sharing to just the host and ensuring users have the updated version, which has better security.
UM can view aggregate data about the number of meetings and number of users on Zoom in a day, but nothing about individual users, according to Scott. She said the service does not share individual information as far as the University is aware.
The University also has access to a HIPPA-compliant version of Zoom, according to Jonathan Neff, director of IT for the College of Health Professions and Biomedical Sciences. He said clinics on campus like the UM Physical Therapy Clinic and the DeWit RiteCare Speech, Language and Hearing Clinic use the service to contact patients.
Curry Health Center started using the HIPPA-compliant version of Zoom for appointments on March 23 and has seven users, according to Medical Director Jeff Adams.
HIPPA, a federal law protecting patient privacy, requires data to be encrypted in transit and in storage, among other conditions, according to Neff. To comply with HIPPA, this version of Zoom has certain settings to prevent the company from accessing the personal health information it transmits, according to the company’s website. These include not allowing recording to the cloud, Neff said.
Neff said faculty who need access to this version submit a request to him. The next time they log in, the service asks to confirm that they want to switch. From then on, they can use the HIPPA-compliant version. The college has about 75 users on this version, Neff said.
UM announced April 8 it would move all in-person summer classes to remote instruction over Zoom, the Kaimin reported. It had not yet decided whether fall classes would be remote or in person.