In 2020, one of the most devastating breaches in health tech history occurred. A psychotherapy company in Europe was hacked, and over 33,000 private therapy session notes were stolen. The attacker didn’t just leak the data; they attempted to extort individual patients. Some stories linked to this breach ended in tragedy, including multiple suicides.
It’s a heartbreaking example of how data insecurity isn’t just a technical issue. It’s deeply human.
The hardest part? It could have been prevented with a few basic security habits.
Whether you’re a founder, a CTO, or part of a fast-moving team, these three simple practices can dramatically reduce your risk of a breach and protect the people who count on you.
Prepare Your Email
Lock Down Your Credentials
Keep Everything Up to Date
1. Prepare Your Email (Seriously)
Email systems are one of the most common entry points for attackers. Fortunately, they’re also one of the easiest places to strengthen your defenses.
Here’s where to start:
- SPF, DKIM , and DMARC:These DNS records validate your identity and prevent domain spoofing. Think of them as your email’s passport, visa, and ID card.
- Phishing and spam filters: Don’t rely on defaults. Tune these filters more aggressively than you’re used to. It’s better to quarantine too much than too little.
How Alternova supports you:
We help configure these protocols and protections so your email becomes a closed door, not an open invitation. From DNS setup to aggressive phishing filters, we make sure your first line of defense is rock solid.
2. Lock Down Your Credentials
Credentials are the keys to your kingdom. Attackers are always looking for copies.
Some of the most damaging breaches happen when secrets get casually shared — a password in a Slack message, a token in a shared doc, or a .env file in a repo.
Here’s how to lock things down:
- Use a secure password manager like Passbolt to handle internal credentials.
- For external sharing, use encrypted secret-sending tools. Never email passwords.
- Triple-check that your team isn’t saving secrets in plain text or hardcoding them into codebases.
We help you move from risky habits to secure systems.
We can host a private, secure Passbolt instance for your team.
We set up secret-sharing workflows that protect sensitive data.
We guide your transition from .env files to encrypted secret vaults.
It’s not just about tools. It’s about creating habits that scale with you.
3. Keep Everything Up to Date
Unpatched software is like a rusty lock. It might still function, but it’s far easier to break.
Every week, new vulnerabilities are discovered in operating systems, packages, and libraries. If your systems aren’t regularly updated, those vulnerabilities stack up quickly.
Here’s what you need:
- Automated tools that scan for outdated components.
- Pipelines that block insecure code from reaching production.
How Alternova supports you:
We help you implement CI/CD pipelines that automatically scan your code, Docker images, and dependencies.
We ensure that no deployment moves forward unless all security checks pass.
You’ll sleep better knowing that every build is automatically verified before it goes live.
Final thoughts
Most breaches don’t happen because an attacker is brilliant. They happen because a team is growing fast, juggling priorities, and something slips. These three habits (securing your email, protecting credentials, and staying current with updates) can make all the difference.
And if you need a partner, we’re here.
At Alternova, we help health tech teams like yours build secure infrastructure, lock down sensitive data, and stay compliant. Your work can scale with confidence.
Let’s protect what matters. Together.