Connect with us

Hi, what are you looking for?


Identity & Access

Finland Fast-Tracks ID Code Law Change After Hacking Case

The government of Finland said Thursday it was preparing legislation that would allow citizens to change their personal identity codes in cases of gross data breaches that carry a high risk of identity theft.

The government of Finland said Thursday it was preparing legislation that would allow citizens to change their personal identity codes in cases of gross data breaches that carry a high risk of identity theft.

The government’s fast-tracked proposal was designed primarily to assist thousands of people whose personal information was stolen during a hacking of patient records at a private Finnish psychotherapy center.

All Finns receive a personal identity code at birth to allow them to access most public and many private services. Under Finland’s current law, the criteria for changing one’s code are strict and, according to the government, cannot be applied in advance to prevent criminal or other significant harmful activity.

The legislation being drafted would make the process slightly easier.

“The work will start immediately, and the laws will be completed by the beginning of next year,” said Minister of Local Government Sirpa Paatero who is in charge of the Finnish government’s electronic services.

Finland also wants to develop a webpage that enables citizens to report a suspected theft of their personal data and to block unauthorized use of the information.

Finnish police estimate that up to 40,000 clients of the Vastaamo psychotherapy clinic may have had their data compromised in two likely breaches of its information systems in 2018 and 2019. The clinic has several branches throughout Finland and operates as a sub-contractor for the Nordic country’s public health system,

Advertisement. Scroll to continue reading.

The hacking episodes were revealed last month. The still unknown perpetrator or perpetrators published at least 300 patient records containing names, personal identity codes and contact information on the anonymous “dark web” Tor network.

Soon after, dozens of Vastaamo clients received ransom demands to pay money in exchange for keeping their information private. Also the psychotherapy center reportedly received a demand for 450,000 euros ($531,000) in Bitcoin.

The case has stunned people in Finland, a nation of 5.5 million, and cybersecurity experts have described such gross misuse of patient records as exceptional even on an international level.

The National Bureau of Investigation said at the end of October that it had so far received some 15,000 complaints that victims of the clinic data breaches filed with police.

RelatedFinland Shocked by Therapy Center Hacking, Client Blackmail

RelatedTrump-Putin Meeting Puts Finland on Cyber-Attack Target List

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...

Application Security

Microsoft on Tuesday pushed a major Windows update to address a security feature bypass already exploited in global ransomware attacks.The operating system update, released...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Identity & Access

NSA publishes recommendations on maturing identity, credential, and access management capabilities to improve cyberthreat protections.