Increasing levels of awareness surrounding mental health are heartening. It’s good to see more forms of support available for those struggling. From helplines to online chat services to increasingly popular virtual therapy platforms, support is in no short supply. In particular, virtual therapy has blazed a trail, allowing those in need of a helping hand affordable consultations. For many, it may feel much less intimidating to speak through a screen rather than in person. It’s certainly much more convenient to conduct an appointment from the comfort of your own home, rather than travelling to an office.
However, these benefits sometimes hide numerous dangers. Cybersecurity faults and consultant vetting oversights have the potential to put users at risk, with potentially severe consequences for those in a vulnerable state. So, does this mean virtual therapy is riskier than in-person appointments, and is there any way to combat potential exploits to protect users?
Seeking Help is Risky Business
The answer is both yes and no. Cyberattacks are one of the most insidious threats facing teletherapy platforms. Bad actors can hold user data hostage unless the company — or the users themselves — pay up. These kinds of events could prove traumatic to those who are already emotionally on the edge, and the threat of having sensitive information that was entrusted to a therapist released to the wider world could very well be the last straw. Therapist notes often contain the most intimate details of a patient’s thoughts, memories and fears, and the stress of having such confidential information laid bare to the world can have dire consequences for patients who are seeking help.
We’ve already seen controversy from BetterHelp. The world’s largest online therapy platform allegedly shared confidential data with advertisers, settling a data privacy lawsuit for $7.8 million. Another particularly notable incident occurred when Vaastamo was attacked in 2018. Hackers managed to penetrate the platform due to subpar data-security precautions. One research paper cited ‘a lack of encryption of sensitive data,’ which is particularly concerning when you consider that similar failures could happen on any teletherapy website. It only takes one weak point in the database to leak patient records containing names, addresses and much more.
The incident wasn’t made public until 2020, after attackers threatened to release therapist notes unless patients paid them two hundred euros following a failed attempt to extort 40 bitcoin from the company. However, it’s important to be aware that this issue is not exclusive to teletherapy. Many face-to-face therapists also store their records digitally, which leaves them open to similar attacks if data isn’t stored securely.
Can You Trust Your Online Shrink?
That said, the potential for malpractice online may still be higher. The credentials of would-be virtual therapists may be questionable at best, and while platforms generally try their utmost to vet their staff, there will always be those who cheat the system. Cases of people stealing the identities of other licensed professionals and posing as real therapists have been documented. When vetting is carried out by largely automated systems, it makes it much easier for scammers to slip through the cracks in the absence of human double-checking. The most surprising aspect is how long it can sometimes take to spot a problem. In the aforementioned case, it took approximately two years before anything was suspected.
The harm that an unqualified individual may cause can be very significant. Imagine somebody purporting to be a first-aider attempting to help in a life-or-death situation. The consequences could be fatal, and mental health is every bit as delicate as physical health. Those who seek therapy need qualified professionals who are properly vetted. But of course, as with so many things online, security and trust are formidable issues that are not easy to resolve in the age of AI fakery and widespread misinformation.
That’s not to say that traditional consultations negate all of these issues. Many therapists keep digital records to prevent paper copies from being lost or destroyed, and these have just as much potential to be hacked. Bad apples can also make their way through in-person recruitment processes, giving them opportunities to abuse the trust of their patients. There’s perhaps less scope to do this offline, but documents and credentials can still be forged very easily with the correct expertise. The best advice is to double-check everything. Seek recommendations from real people where possible. Verify that the ‘reviews’ are real rather than AI-generated. And, if you feel something is not quite right, act on that hunch — intuition can be a formidable weapon of self-protection.
Online therapy has two faces. Its beauty lies in its accessibility — anyone with an internet connection can find help. But this also makes it easier to abuse the system and bring real harm to real people when power falls into the wrong hands. The providers of teletherapy services must take all necessary precautions to safeguard people’s private information. Perhaps now is a good time to admit that tighter regulation of this rapidly expanding sector should be a priority.
DISCLAIMER: The articles on our website are not endorsed by, or the opinions of Shout Out UK (SOUK), but exclusively the views of the author.
