A massive data breach at Finland’s leading online therapy platform, Vastaamo, has exposed the private therapy notes of over 33,000 patients, leading to a wave of extortion attempts and devastating consequences for vulnerable individuals.
The hack, orchestrated by a cybercriminal known as “ransom_man”, has shaken the country, which prides itself on its robust digital infrastructure and high standards of privacy. The stolen data, including details of adultery, suicide attempts, and sexual abuse, was published on the dark web, leaving victims feeling violated and betrayed.
Investigations have led authorities to Alek anteri Kivimäki, a notorious Finnish hacker with a history of cybercrime. Kivimäki, now 28, was convicted in 2015 for hacking into servers at MIT and Harvard, as well as money laundering and fraud. However, he has denied any involvement in the Vastaamo breach, claiming he is a “victim of his own notoriety”.
The fallout from the incident has been devastating, with reports of at least two victims taking their own lives after discovering their therapy notes had been exposed. Tiina Parikka, one of the affected individuals, described the experience as “like a public rape”.
Vastaamo, once hailed as a pioneer in digital therapy, has since declared bankruptcy, and its CEO, Ville Tapio, was found guilty of criminal negligence in his handling of patient data. Many victims have expressed anger towards Tapio, believing he prioritised profit over security.
The case has raised profound questions about the limits of privacy in the digital age, with Kivimäki arguing that our “worst secrets” are already online, regardless of our expectations of confidentiality. As the legal battles continue, Finland grapples with the aftermath of a breach that has shattered trust in the country’s mental health system and left a lasting impact on thousands of lives.