When data breach hits a psychotherapy clinic: The Vastaamo case

Q2 Social Sciences Journal of Information Technology Teaching Cases Pub Date : 2024-06-07 DOI:10.1177/20438869241258235

Hadi Ghanbari, Kari Koskinen

{"title":"When data breach hits a psychotherapy clinic: The Vastaamo case","authors":"Hadi Ghanbari, Kari Koskinen","doi":"10.1177/20438869241258235","DOIUrl":null,"url":null,"abstract":"This teaching case demonstrates the crucial role of information security and data protection in the digital era. To this end, we first discuss the importance of data protection and information security as essential business capabilities for modern organisations. We argue that approaching information security from a business model perspective, instead of a purely technical perspective, enables companies to better understand the value of data protection for ensuring business continuity and long-lasting business relationships with customers and partners. To support this viewpoint, we draw on the biggest data breach in the history of Finland that affected over 33,000 patients of Vastaamo Psychotherapy Centre. While the breach led to Vastaamo’s bankruptcy and financial and legal consequences for several stakeholders, the significance of the breach lies in its societal impact. The breadth and cruelty of the breach caused outrage across the country and led to raising consumer and industry awareness of cybersecurity. As such, this teaching case enables the audience to better understand the consequences of information security incidents on firms and their stakeholders.","PeriodicalId":37921,"journal":{"name":"Journal of Information Technology Teaching Cases","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2024-06-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Technology Teaching Cases","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1177/20438869241258235","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"Social Sciences","Score":null,"Total":0}

引用次数: 0

Abstract

This teaching case demonstrates the crucial role of information security and data protection in the digital era. To this end, we first discuss the importance of data protection and information security as essential business capabilities for modern organisations. We argue that approaching information security from a business model perspective, instead of a purely technical perspective, enables companies to better understand the value of data protection for ensuring business continuity and long-lasting business relationships with customers and partners. To support this viewpoint, we draw on the biggest data breach in the history of Finland that affected over 33,000 patients of Vastaamo Psychotherapy Centre. While the breach led to Vastaamo’s bankruptcy and financial and legal consequences for several stakeholders, the significance of the breach lies in its societal impact. The breadth and cruelty of the breach caused outrage across the country and led to raising consumer and industry awareness of cybersecurity. As such, this teaching case enables the audience to better understand the consequences of information security incidents on firms and their stakeholders.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

当数据泄露袭击心理治疗诊所时：Vastaamo 案例

本教学案例展示了信息安全和数据保护在数字时代的关键作用。为此，我们首先讨论了数据保护和信息安全作为现代企业基本业务能力的重要性。我们认为，从商业模式的角度而非纯粹的技术角度来看待信息安全问题，能让企业更好地理解数据保护在确保业务连续性以及与客户和合作伙伴保持长久业务关系方面的价值。为了支持这一观点，我们以芬兰历史上最大的数据泄露事件为例，该事件影响了 Vastaamo 心理治疗中心的 33,000 多名患者。虽然这次数据泄露导致瓦斯塔莫公司破产，并给多个利益相关者带来了经济和法律后果，但这次数据泄露事件的意义在于其社会影响。漏洞的广泛性和残酷性引起了全国人民的愤怒，并提高了消费者和行业的网络安全意识。因此，本教学案例使受众能够更好地理解信息安全事件对企业及其利益相关者造成的后果。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Journal of Information Technology Teaching Cases Social Sciences-Library and Information Sciences

CiteScore

2.30

自引率

0.00%

发文量

期刊介绍： The Journal of Information Technology Teaching Cases (JITTC) provides contemporary practical case materials for teaching topics in business and government about uses and effectiveness of technology, the organisation and management of information systems and the impacts and consequences of information technology. JITTC is designed to assist academics, scholars, and teachers in universities and other institutions of executive education, as well as instructors of organizational training courses. Case topics include but are not restricted to: alignment with the organization, innovative uses of technology, emerging technologies, the management of IT, including strategy, business models, change, infrastructure, organization, human resources, sourcing, system development and implementation, communications, technology developments, technology impacts and outcomes, technology futures, national policies and standards.