Private psychotherapy notes leaked in major Finnish hack

27 Oct, 2020

HELSINKI: The confidential treatment records of tens of thousands of psychotherapy patients in Finland have been hacked and some leaked online, in what the interior minister said Monday was "a shocking act."

Distressed patients flooded victim support services over the weekend as Finnish police revealed hackers accessed records belonging to private company Vastaamo, which runs 25 therapy centres across Finland.

Thousands have filed police complaints over the breach, they added. Many patients reported receiving emails with a demand for 200 euros ($236) in bitcoin to prevent the contents of their discussions with therapists being made public.

"The Vastaamo data breach is a shocking act which hits all of us deep down," Interior Minister Maria Ohisalo wrote on her website on Monday.

Finland must be a country where "help for mental health issues is available and it can be accessed without fear."

Ministers met for crisis talks this weekend, with further emergency discussions tabled for the coming week over the unprecedented data breach.

"We are investigating an aggravated security breach and aggravated extortion, among other charges," Robin Lardot, the director of Finland's National Bureau of Investigation, told a news conference at the weekend.

Lardot added that they believed the number of patients whose records had been compromised numbered in the tens of thousands.

On Monday evening, Vastaamo said it had fired its CEO, Ville Tapio, after an internal enquiry discovered that he had concealed a March 2019 data breach from the board and the firm's parent company.

The firm admitted flaws in the security of its customer data, "which allowed criminals to break into the database up until March 2019," Vastaamo said in a statement. The company's owner, PTK Midco Oy, on Monday launched court proceedings "in relation to its May 2019 purchase of Vastaamo," the statement added.

Read Comments