Normally, something about a Skype vulnerability might be posted over on DataBreaches.net instead of this site, but because therapists may use Skype for online therapy or to communicate with patients, I thought maybe I’d post this one here. Swati Khandelwal writes:
A serious vulnerability has been discovered in Microsoft-owned most popular free web messaging and voice calling service Skype that could potentially allow attackers to gain full control of the host machine by granting system-level privileges to a local, unprivileged user.
The worst part is that this vulnerability will not be patched by Microsoft anytime soon.
Read more on The Hacker News.
Whether Skype is HIPAA-compliant is something that continues to be debated, and I don’t feel qualified to offer any technical or legal opinion on that question, although as I mentioned on Twitter recently, if your choice is whether to absorb some risk or the patient doesn’t get any therapy and has no options, well, it’s worth considering. And as attorney Matt Fisher commented, some of the issue can be addressed by informing the patient of possible risks, and then allowing the patient to make an informed decision.