From Finland — by way of our Jackson Lewis Workplace Privacy, Data Management, and Security Report blog — comes the story of a healthcare provider whose refusal to pay a ransom to cyberattackers resulted in a particularly disturbing compromise of customer data: the threat of public disclosure of patient psychotherapy records.

“This incident reveals a troubling pattern of cyberattacks now extending to individuals served by the organizations compromised — patients, students, customers, members, employees, etc.,” writes Joseph Lazzarotti, founder and Leader of the Jackson Lewis Privacy, Data and Cybersecurity practice group. “Organizations devote significant resources to securing their networks and protecting the data they maintain. While that is necessary, considering the nature of the threats and current trends, it likely is not sufficient.”

Any compromise of sensitive personal information can harm employees or customers. A breach of this nature can be particularly damaging. Consider the potential impact of a cyberattack that subjects employee emails and other documents — work-related or otherwise — to scrutiny for purposes of ransom demands. Also consider the significant risk of class-wide liability for such a breach.

Read about the incident here.