Finnish Hacker Gets Prison for Accessing Thousands of Psychotherapy Records and Demanding Ransoms

A Finnish court on Tuesday sentenced a 26-year-old man to six years and three months in prison for hacking thousands of patient records at a private psychotherapy center and seeking ransom from some patients over the sensitive data.

The case has caused outrage in the Nordic nation, with a record number of people — about 24,000 — filing criminal complaints with police.

In February 2023, French police arrested well-known Finnish hacker Aleksanteri Kivimäki, who was living under a false identity near Paris. He was deported to Finland. His trial ended last month.

The Länsi-Uusimaa District Court said Kivimäki was guilty of, among other things, aggravated data breach, nearly 21,000 aggravated blackmail attempts and more than 9,200 aggravated disseminations of information infringing private life.

The court called the crimes “ruthless” and “very damaging” considering the state of people involved.

According to the charges, Kivimäki in 2018 hacked into the information system of the Vastaamo psychotherapy center and downloaded its database of some 33,000 clients.

Vastaamo, which declared bankruptcy in 2021, had branches throughout the country of 5.6 million people and operated as a sub-contractor for Finland’s public health system.

Prosecutors said Kivimäki first demanded that Vastaamo pay him an amount equivalent to around 370,000 euros ($396,000) in bitcoins in exchange for not publishing the patient records.

When the center refused, Kivimäki in 2020 began publishing patient information on the dark web and sent patients messages demanding a ransom of 200 euros or 500 euros. About 20 patients paid, prosecutors said.

Kivimäki denied all charges. His lawyer said he would likely appeal. Prosecutors had sought seven years in prison, the maximum for such crimes under Finnish law.

Kivimäki was first convicted at age 15 after hacking into over 50,000 servers with software he developed, Finnish newspaper Ilta-Sanomat reported in 2022.

In the United States, he was convicted over hacking cases involving the U.S. Air Force and Sony Online Entertainment.