In wake of horrific Vastaamo breach, Finnish government tables laws to protect data from cyber criminals

Gerard O’Dwyer reports: The huge data security breach and cyber-ransom attack at Finland’s Vastaamo Psychotherapy Centre has provoked a swift response from the government, which is primed to introduce more rigid laws and measures to protect the country’s databases and sensitive information from cyber criminals. […] In a significant bolstering of Finland’s data security laws, new legislation will require all enterprises offering social and healthcare services to join Kanta’s state-run national digital services platform. Kanta operates a secure database system that requires enhanced electronic recognition, supported by banking codes, to access social welfare and healthcare sector databases. All public sector social welfare and healthcare services use the Kanta system, which is voluntary for private enterprises. Read more on

Then a Hacker Began Posting Patients’ Deepest Secrets Online

William Ralston has a piece on Wired to put a human face on what happened to Finnish therapy patients of the Vastaamo clinic.  The Vastaamo hack, extortion attempt, and data dump was one of the worst breaches of 2020 and  an absolute nightmare in terms of a breach exposing personal and sensitive information. And what first appeared to be a horrifying breach became a scandalous breach when it was later learned that an earlier breach had been covered up instead of properly remediated. Today’s piece by Ralston is not his first piece on the Vastaamo incident but is well worth reading – not only to appreciate the human impact of breaches when the impact can not only be severe but long-lasting, but also because this is one of those incidents that entities should never forget and strive to prevent every day in their own facilities and organizations. Read the story on Wired.

A dying man, a therapist and the ransom raid that shook the world

William Ralston reminds us how devastating the Vastaamo breach and ransom incident has been: Jukka-Pekka Puro will never forget 2017. Facing the heartbreak of a divorce, Puro, a university lecturer in Turku, southwestern Finland, found himself tussling with depression. This spiralled into suicidal ideations when doctors told him he had aggressive kidney cancer, and no more than a few years to live. He knew he needed professional help. Puro turned to Vastaamo, a private company that runs 25 therapy centres across Finland, and sub-contracts psychotherapy services for Finland’s public health system. Through a handful of therapy sessions he divulged intimate details about his personal life and mental health issues and slowly came to accept that he was soon going to die. Read more on Wired.

Finland government to help victims of identity theft

The Finnish Government has decided on measures to help victims of identity theft and to improve personal identity protection. The Ministry of Social Affairs and Health will firstly ensure that the victims of the data breach at Psychotherapy Centre Vastaamo continue to receive the necessary psychosocial and other support. Support will continue to be provided through a number of different operators and channels for as long as is required. The Ministry will also monitor and coordinate the aftercare of the situation within the healthcare and social welfare services system. Read more on Security Document World.