Ever been to a therapist?

While we can all agree our health information is private and could be embarrassing if made public, few parts of it could be as devastating as notes from mental health professionals. Unfortunately, 10 gigabytes of data from a recent breach, representing tens of thousands of patients, was made public, and it’s horrified a nation. The country is Finland, but the scenario could just as easily be happening here. Why?

What made this attack particularly nefarious is that the hackers sought to extort the patients themselves, not just the compromised company, by threatening to release the notes to their friends and family members.

The truth is, we work with many mental health medical offices, and their systems and processes are among the most vulnerable we encounter. Most mental health practitioners create their notes on laptops or other portable devices. Their data is rarely off-loaded or synchronized with servers, so the information often remains resident on that portable device. Fortunately, many mental health professionals take the protection of your Protected Health Information (PHI) seriously, but not all do. The reality is they’re among the most vulnerable of all health professionals, and the PHI they retain, which often includes your financial information, is among the most sought after.

While it may not be true for all of us, for many, the information we share with therapists could be devastating to our families and to our careers. Knowing that this information may be loosely guarded should be concerning to everyone who seeks that type of counsel. 

Right now the 5.5 million residents of Finland are dealing with the reality that over 2,000 of their neighbors are having the most sensitive and intimate details of their lives sold on the dark web to be used for blackmail or worse. Some of these victims may already be in a fragile mental state, and this event only further traumatizes them.

It’s critical that our mental health professionals recognize the value of the information they collect. Fortunately, as I stated earlier, most do appreciate this fact and take the necessary precautions required by HIPAA. If you’re a mental health professional and you have any questions at all about your practices, whether they’re HIPAA compliant, or whether they’re as secure as they could be, we’re happy to help.

Don’t let fear stop you from living or seeking the help you may need. Live in abundance.


If you have any questions or if you are concerned about your organization’s cybersecurity, give us a call at (800) 970-0402. We’ll be happy to help.


For more HIPAA information, download our ebook – The Ultimate HIPAA Compliance Handbook.

The HIPAA Security Rule requires the implementation of a security awareness and training program for all members of the workforce (including management). Have your team sign up for the weekly HIPAA Security Reminder to help stay compliant.