This is a frightening story. How many patients see their therapist without giving a second thought to where, and how, the therapist is keeping their notes. Probably not many. But, it can make a big difference, because if it’s not secure, those are your deepest, most private, conversations out there for all the world to see.
“Mikael Koivukangas, head of R&D at a Finnish medtech firm called Onesys Medical, points out that Vastaamo’s system violated one of the “first principles of cybersecurity”: It didn’t anonymize the records. It didn’t even encrypt them. The only thing protecting patients’ confessions and confidences were a couple of firewalls and a server login screen. “
On the other hand, given the number of Finnish citizens who were impacted by this, maybe we should also take advantage of this to reconsider the stigma around going to therapy in the first place. Knowing that someone saw a therapist shouldn’t be a fact that is worth ransoming.
Even if we got rid of that stigma though, I still wouldn’t want the notes of my own sessions from years back to be out in the open. It could be damaging to a lot of people even beyond myself. So, just encrypt your data people, take some cybersecurity precautions, and lessen the risk to the people you’re supposed to be serving.