They Told Their Therapists Everything. Hackers Leaked It All | WIRED #privacy wired.com/story/vastaamo…
10/2020 #Vastaamo announced catastrophic #databreach : “exposed its entire patient database to the open internet—not just email addresses and social security numbers, but the actual written notes that therapists had taken” #privacy #counselling #tech
“After each session, Jere’s therapist typed out his notes and uploaded them to Vastaamo’s servers. “I was just being honest,” Jere says. He had “no idea” that they were backing the information up digitally.” #counselling #tech #privacy
“ #Vastaamo ran the largest network of private mental-health providers in Finland. In a country of just 5.5 million—about the same as the state of Minnesota—it was the ‘McDonald’s of psychotherapy’ “ #counselling #tech
“out of all the countries on earth, Finland should have been among the best able to prevent such a breach. …it is widely considered a pioneer in digital health” #counselling #tech #privacy
“ #Vastaamo ’s system violated one of the “first principles of cybersecurity”: It didn’t anonymize the records. It didn’t even encrypt them. The only thing protecting patients’ confessions and confidences were a couple of firewalls and a server login screen” #privacy #counselling
There were “two previously unreported breaches at #Vastaamo , in late 2018 and the spring of 2019”
“In early January of this year, the #Vastaamo patient database [in a reduced size to encourage sharing]. reappeared on at least 11 anonymous file-sharing services across the public internet” #counselling #tech #privacy
“now more than ever, patients will not risk having their [#counselling ] data travel beyond the consultation room.”
“it will be impossible to know exactly how “the incident” began. Would it have happened, for example, if Finland had been more proactive in policing electronic medical systems? Or if Tapio had implemented a more secure system? “
“What’s clear is how it ended—in the most painful way possible for tens of thousands of patients” when their confidential #counselling & #personalinformation was published online. #privacy #tech #Vastaamo
“As more health care systems across the world go digital, the risk of that outcome rises” #privacy #confidentiality #tech #counselling #databreach
• • •
Missing some Tweet in this thread? You can try to
force a refresh
