Abstract
Aims To update clinicians and medical administrators on the realised risks of an electronic health record data breach in Finland involving the psychotherapy records of 33,000 patients.
Methods Selective narrative review and commentary regarding electronic health record data breaches of sensitive information.
Results The recent Vastaamo psychotherapy provider data breach demonstrates the realised risks for electronic health records, including extortion and the publication of sensitive information. Tragically, some patients were reported to have suicided due to the extortion attempt. Stolen records and identity data remain on the darknet, exposing patients to ongoing misuse of their information. The convicted hacker has been jailed, and the lead for the psychotherapy provider received a suspended jail sentence.
Conclusions Electronic health record data breaches of sensitive information have occurred, and could be considered inevitable. Healthcare providers must ensure cybersecurity of sensitive records, and perhaps a compromise is to store such information permanently offline. Contemporaneous advice for such data breaches is necessary for patients. Governmental regulation of electronic health record privacy and security is needed.