Security Experts:

Connect with us

Hi, what are you looking for?



Private Psychotherapy Notes Leaked in Major Finnish Hack

The confidential treatment records of tens of thousands of psychotherapy patients in Finland have been hacked and some leaked online, in what the interior minister said Monday was “a shocking act.”

The confidential treatment records of tens of thousands of psychotherapy patients in Finland have been hacked and some leaked online, in what the interior minister said Monday was “a shocking act.”

Distressed patients flooded victim support services over the weekend as Finnish police revealed hackers accessed records belonging to private company Vastaamo, which runs 25 therapy centres across Finland.

Thousands have filed police complaints over the breach, they added.

Many patients reported receiving emails with a demand for 200 euros ($236) in bitcoin to prevent the contents of their discussions with therapists being made public.

“The Vastaamo data breach is a shocking act which hits all of us deep down,” Interior Minister Maria Ohisalo wrote on her website on Monday.

Finland must be a country where “help for mental health issues is available and it can be accessed without fear.”

Ministers met for crisis talks this weekend, with further emergency discussions tabled for the coming week over the unprecedented data breach.

“We are investigating an aggravated security breach and aggravated extortion, among other charges,” Robin Lardot, the director of Finland’s National Bureau of Investigation, told a news conference at the weekend.

Lardot added that they believed the number of patients whose records had been compromised numbered in the tens of thousands.

On Monday evening, Vastaamo said it had fired its CEO, Ville Tapio, after an internal enquiry discovered that he had concealed a March 2019 data breach from the board and the firm’s parent company.

The firm admitted flaws in the security of its customer data, “which allowed criminals to break into the database up until March 2019,” Vastaamo said in a statement.

The company’s owner, PTK Midco Oy, on Monday launched court proceedings “in relation to its May 2019 purchase of Vastaamo,” the statement added.

– ‘Justifiably worried’ –

Security experts reported that a 10-gigabyte data file containing private notes between at least 2,000 patients and their therapists had appeared on websites on the so-called dark web.

The hack, which targeted some of society’s most vulnerable including children, has caused widespread shock in the Nordic country of 5.5 million, with ministers gathering on Sunday to discuss how to support the patients whose sensitive data had been leaked.

“It is absolutely clear that people are justifiably worried not only about their own security and health but that of their close ones, too,” Ohisalo told reporters late on Sunday.

On Monday, authorities launched a website for victims of the cyberattack, offering advice and telling them not to pay the ransom demand.

“Do not communicate with the extortionist, the data have most likely already been leaked elsewhere,” the “Data Leak Help” site said. 

Mental health and victim support charities reported being overwhelmed with calls from distressed people fearing that their intimate conversations with their therapists would be publicly released.

– Nothing ‘to be ashamed of’ –

One of the recipients of a blackmail threat, the former MP Kirsi Piha, tweeted a screenshot of the ransom message along with a defiant reply to the hackers.

“Up yours! Seeking help is never something to be ashamed of,” Piha wrote.

“I’ve seen a lot, but I haven’t seen this,” Mikko Hypponen, chief research officer at data security firm F-Secure said in a statement.

“I don’t think there’s a crime in our criminal history which would have more victims than this one.”

Hypponen, an internationally renowned cybersecurity specialist, said the perpetrator used the alias “ransom_man”, and said he was only aware of one other patient blackmail case, where a cosmetic surgery clinic in Florida had a smaller amount of data stolen in 2019. 

On Monday, Finland’s social care regulator said in a statement it was investigating Vastaamo’s practices, including how well patients were kept informed of the breach.

Meanwhile, the head of the state digital services agency DVV, Kimmo Rousku, said that the cyberattack could have been avoided if Vastaamo had used better encryption.

DVV published a checklist on Monday for firms to make sure their digital security is in order.

“Management needs to wake up,” Rousku told public broadcaster Yle.

A phone line offering legal advice had also been set up, the country’s consumer authority announced.

Written By

AFP 2023

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...