A recent Cyber attack on a Finnish psychotherapy centre raises severe concerns about the security of your personal data and where it is stored.
The cyber attack was orchestrated by 26 year old Finish hacker Aleksanteri Kivimäki, who gained unauthorised access to the centre’s database compromising the therapy notes of over 33,000 patients, highlighting the critical importance of robust cybersecurity measures to safeguard sensitive data. He then engaged in a disturbing extortion scheme, targeting both Vastaamo (the psychotherapy centre) and the individual patients.  

The Attack and Extortion Scheme 

Whilst specific technical details of the attack still remain under investigation, it is believed that it was a weakness in the centre’s cybersecurity that allowed the infiltration to the database.
This breach exposed a significant amount of sensitive patient data, including potentially life-altering therapy notes.  

Kivimäki then leveraged this stolen data in an attempt to extort money. He began by demanding a heft ransom from the centre in exchange for keeping the stolen data confidential. When the centre did not comply, he went for the mass extortion tactic and targeted the individual patients demanding 500 euros each to keep their therapy notes private.  

Justice Served: Kivimäki’s Punishment  

Kimikäki’s actions caused significant emotional distress to his victims, with some reports suggesting the incident triggered relapses in mental health conditions. Despite his attempt to flee to France, he was apprehended, and the Finnish court found him guilty of a multitude of offences. These offences include over 20,000 attempts of attempted blackmail, 20 of which were successful.
Due to the severity of the crimes, he has been sentenced to six years and three months in jail.  

Lessons Learned and Moving Forward 

This data breach serves as a stark reminder that how your information is processed and stored can be out of your control. Patients entrusted the centre with their incredibly sensitive medical records, highlighting the need for robust cybersecurity measures to protect against such breaches, as the centre was responsible for the safeguarding of their data. .  

Every business stores sensitive personal data in one way or another, either about their clients or internal employees. It is critical that this information is handled responsibly and with robust cybersecurity measures.  

How Cyber Wise Can Help 

At Cyber Wise, we understand the gravity of data security threats and offer comprehensive cybersecurity solutions tailored to protect your business. Our team of experts can help strengthen the defences to your businesses data by implementing robust cybersecurity measures from technical controls to interactive and dynamic training programmes to ensure your team are prepared to react to any attempted cyberattacks.  Don’t leave your data vulnerable – Get in touch to see more.