How is Voltage secure HIPPA mail secure?

Aetna "encrypts" email so it is HIPPA compliant (using https://www.voltage.com/)

Basically: they send you an email with an encrypted .HTML attachment.  

You double-click the attachment and view the message as webmail on the aetna.com site.

I forwarded such a message to my hotmail account and could just double-click the attachment and view it fine.

I then forwarded it to my gmail account, and opened the message on my laptop (wifi network), and likewise can just click the attachment to open the message.

So, how is this secure?

It never asks for a password and seemingly doesn't use certificates (I'm in IT and not the destination HR user)

Any ideas?

Why couldn't they have just sent a link to the particular message on aetna.com?  Why all this hocus pocus encryption stuff to not even bother asking for a login userid/password?

Seems crazy!
mike2401Asked:
Who is Participating?
 
Adam BrownSr Solutions ArchitectCommented:
Read this for some entry level background on email encryption: http://wp.me/pUCB5-8q
You may not need to know all that, but I'm providing it as a way to get on the same page with you.

Voltage utilizes a fairly simple key exchange method for allowing access to the emails you send. The message is sent as a secure attachment that, when opened, checks your web browser for the correct key that is stored in a cookie, add-in, or some other client-side method. If the key for the message is found, it is seamlessly opened without prompting for credentials. If not, a login prompt is presented. If the recipient has never attempted to open a secured message before, they are prompted to register their email and a password to receive the proper key.

What I suspect is happening here is this; You are opening the message attachment on the same system you used to send the message. If you sent the message using the Outlook add-in for Voltage or the website set up to send messages directly using voltage, the key to unlock the message is already on your system and it doesn't matter which email address you open it with, the correct key will always be found and the message will open properly.

To test this theory, send another secure message to an email address you haven't tested yet, but open it on a completely different computer that you know you haven't used to open or create a secure email with. If it them prompts you to enter a username and password or register with the voltage service, then you'll know that the above theory is correct and the certificate you need was already on your computer, found, and used to open the HTML file. If it doesn't prompt you when you do this, I would communicate the issue with Voltage support.

As to why all this has to happen, it comes down to the fact that we can't guarantee that all receiving parties have enabled Opportunistic TLS on their mail servers. Even in the case that the message doesn't require a username and password on the new computer, the message is still being encrypted *in transit* in a way that prevents casual packet sniffing from examining the message data. This is, in effect, all that HIPAA requires from an email encryption standpoint.
0
 
mike2401Author Commented:
Wow Adam, that's an amazing answer, thank you!

I'm reading the link now!

Mike
0
 
mike2401Author Commented:
I'm going to quick close the call so you get all 500 points, even though I might have a follow-up question after I do the experiment.

Mike
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
mike2401Author Commented:
Amazing answer!
0
 
mike2401Author Commented:
If the cookie/certif is on the client pc, and I'm opening the message on an entirely different pc, I'm still not understanding how it would just open.

BTW, I have seen health portal type emails exactly as you described where the first time the user PICKS a password.  This always struck me as crazy as it doesn't seem like a good way to authenticate the FIRST message is being opened by the proper person.
0
 
Adam BrownSr Solutions ArchitectCommented:
Yeah. I've never really liked those methods for handling email "encryption" because they have huge weaknesses and they violate the normal recommendations that users never open attachments or follow links in Emails. But they do technically resolve the compliance requirements for encryption in transit, and they are way easier for the end users to use than S/MIME. Another solution is to require TLS encryption in outgoing emails, but every time I try to enable that option on an email server I invariably get mountains of bitching users getting NDRs because they sent a message to someone whose mail server doesn't support Opportunistic TLS (freaking idiot Linux mail server admins, for the most part).

I haven't really worked with Voltage myself, so I can't say exactly how it functions, and their documentation is really bad (surprising, I know). But when the only requirement is that the message be encrypted in transit, it does meet that requirement no matter what. You would have to have a full man-in-the-middle setup going to be able to read the message, and that's usually quite difficult to accomplish without having enough access to read everything in the mailbox anyway.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.