Cybersecurity lessons from the Vastaamo psychotherapy data breach for psychiatrists and other mental healthcare providers.

Saved in:
Bibliographic Details
Title: Cybersecurity lessons from the Vastaamo psychotherapy data breach for psychiatrists and other mental healthcare providers.
Authors: Looi, Jeffrey CL (AUTHOR), Allison, Stephen (AUTHOR), Bastiampillai, Tarun (AUTHOR), Maguire, Paul A (AUTHOR), Kisely, Steve (AUTHOR), Reutens, Sharon (AUTHOR), Looi, Richard CH (AUTHOR)
Source: Australasian Psychiatry. Feb2025, Vol. 33 Issue 1, p106-110. 5p.
Subjects: Electronic health records, Medical personnel, Data protection, Multi-factor authentication, Data security failures
Abstract: Objective: The Vastaamo psychotherapy data breach in Finland is perhaps the largest cybersecurity incident in mental healthcare to date, resulting in significant patient harm. There are specific lessons for mental healthcare providers from an analysis of the incident. Method: Case study of this specific electronic health record data breach, based on detailed media reporting. Results: The issues raised include: the importance of governance of the cybersecurity of sensitive personal patient data, such as compliance with legislative requirements on privacy and data security; specific security measures such as de-identification of data, data protection via passwords, multi-factor authentication, firewalls and encryption; and timely and effective communication, and support of those who have been affected. Conclusions: The implications for mental healthcare providers, including psychiatrists and trainees, are that, within their capability, providers need to assess the efficacy and robustness of cybersecurity of electronic health record systems they use, and carefully consider the information that is recorded to minimise exposures such as in the Vastaamo breach. [ABSTRACT FROM AUTHOR]
Copyright of Australasian Psychiatry is the property of Sage Publications Inc. and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
Database: Psychology and Behavioral Sciences Collection
Full text is not displayed to guests.
Description
Abstract:Objective: The Vastaamo psychotherapy data breach in Finland is perhaps the largest cybersecurity incident in mental healthcare to date, resulting in significant patient harm. There are specific lessons for mental healthcare providers from an analysis of the incident. Method: Case study of this specific electronic health record data breach, based on detailed media reporting. Results: The issues raised include: the importance of governance of the cybersecurity of sensitive personal patient data, such as compliance with legislative requirements on privacy and data security; specific security measures such as de-identification of data, data protection via passwords, multi-factor authentication, firewalls and encryption; and timely and effective communication, and support of those who have been affected. Conclusions: The implications for mental healthcare providers, including psychiatrists and trainees, are that, within their capability, providers need to assess the efficacy and robustness of cybersecurity of electronic health record systems they use, and carefully consider the information that is recorded to minimise exposures such as in the Vastaamo breach. [ABSTRACT FROM AUTHOR]
ISSN:10398562
DOI:10.1177/10398562241291340