Cybersecurity in Mental Healthcare - The Overlooked Risk
Did you know the New-Age Therapeutic sector is unregulated? If that surprises you, then you’re not alone. I was a little surprised, too. Yes, there are various professional bodies a practitioner can join, and there are courses they can attend, but they aren’t forced to.
It should be noted that professional, licensed psychotherapists and psychologists are not only subject to prevailing regulations, such as HIPAA, but are also mandated reporters in the event of evidence of a person being a danger to themselves or others. A code of ethics also binds these professionals, and they are regularly required to complete continuing professional education training in order to maintain their licenses. Psychiatrists are licensed medical doctors and are subject to even stricter standards of professional conduct.
The unlicensed, unregulated practitioner community, from Reiki practitioners to crystal therapy healers, has no such requirements. These practitioners often couple their services with relationship advice and work-related conversations. They’re discussing the full range of human emotions and events.
But they’re not discussing data protection. They may talk about online safety, but isn’t everyone these days? However, I’ve witnessed online discussions on social media platforms, where they are discussing client issues with other practitioners in an open forum. Of course, they might believe these forums are private because only other practitioners are members of that closed group. However, I was able to join one of these groups simply by agreeing to a few simple rules and stating that I was a practicing therapist. (I’ve read a couple of books on Cognitive Behavioural Therapy (CBT), so I am certain that I qualify).
This is clearly a problem, yet very few people are openly talking about it.
The Solution: Start a Dialogue
Very few conversations occur within the mental healthcare industry around cybersecurity, data protection, and information governance. Many practitioners are classified as sole traders. They control and process some of the most sensitive data imaginable, yet they lack understanding and awareness of what we might consider basic cybersecurity hygiene. Cybersecurity and data protection are alien topics to many who don’t see the risks to themselves or their clients.
Of course, this should come as no surprise to us as security professionals. However, these topics are low priority, if not fully absent, to a sole proprietor who has a business to run. They simply don’t have time to consider how to safely and securely onboard new clients or how to install anti-malware tools, set up patch management, and maintain reliable backups.
These topics confuse people in general business, so any small business is equally ill-equipped to address these concerns. This is partly because the legislation and policies often speak to a generic population of professions rather than those who hold and work with data.
Improving Cybersecurity as a Community
As cybersecurity professionals, we need to speak up and support these industries that are there to help us. We need to help them help themselves. But we also need the government to stop focusing on the big and start thinking about the small. Data protection must be emphasized with equal vehemence for small businesses and small industries.
It is clear that the first step to any action is through meaningful conversations. As a community, we must communicate and educate these healing practitioners because we might need their help one day, too. If you seek their services, ask them about data protection. Ask them how the information you’re sharing with them will be protected.
In many cases, a legitimate business that has a website will have its privacy policy posted. Also, it is a person’s right to know if any information is being shared outside of the practitioner’s business.
When people seek the help of another in a professional setting, they are often in distress already and aren’t thinking about data protection. However, data protection is essential in a world that is increasingly overwhelmed and in need of support, and that is increasingly amassing large quantities of data. Cybercriminals seek opportunities to exploit our weaknesses and feed off our fears. Imagine what they can do if they gain access to your most profound wants and needs.
If you are in the cybersecurity and data protection profession, please consider how you can make a difference in this area. Let’s start this conversation today.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of Tripwire.