Article Text

Download PDFPDF

2 The Vastaamo psychotherapy data breach: what are the lessons for healthcare services?
Free
  1. Jeffrey CL Looi1,2
  1. 1Academic Unit of Psychiatry and Addiction Medicine, School of Medicine and Psychology, The Australian National University, Canberra, ACT, Australia
  2. 2Consortium of Australian-Academic Psychiatrists for Independent Policy Research and Analysis, Canberra, ACT, Australia

Abstract

Aims To update clinicians and medical administrators on the realised risks of a electronic health record data breach in Finland, of the psychotherapy records for 33,000 patients.

Methods Selective narrative review and commentary regarding electronic health record data breaches of sensitive information.

Results The recent Vastaamo psychotherapy provider data breach demonstrate the realised risks for electronic health records, including extortion and the publication of sensitive information. Tragically, some patients were reported to have suicided due to the extortion attempt. Stolen records and identity data remains on the darknet, exposing patients to ongoing misuse of their information. The convicted hacker has been jailed, and the lead for the psychotherapy provider received a suspended jail sentence.

Conclusions Electronic health record data breaches of sensitive information have occurred, and could be considered inevitable. Healthcare providers must ensure cybersecurity of sensitive records, and perhaps a compromise is to store such information permanently offline. Contemporaneous advice for such data breaches is necessary for patients. Governmental regulation of electronic health record privacy and security is needed.

Statistics from Altmetric.com

Request Permissions

If you wish to reuse any or all of this article please use the link below which will take you to the Copyright Clearance Center’s RightsLink service. You will be able to get a quick price and instant permission to reuse the content in many different ways.