Gerard O’Dwyer reports: The huge data security breach and cyber-ransom attack at Finland’s Vastaamo Psychotherapy Centre has provoked a swift response from the government, which is primed to introduce more rigid laws and measures to protect the country’s databases and sensitive information from cyber criminals. […] In a significant bolstering of Finland’s data security laws, new legislation will require all enterprises offering social and healthcare services to join Kanta’s state-run national digital services platform. Kanta operates a secure database system that requires enhanced electronic recognition, supported by banking codes, to access social welfare and healthcare sector databases. All public sector social welfare and healthcare services use the Kanta system, which is voluntary for private enterprises. Read more on ComputerWeekly.com.
William Ralston has a piece on Wired to put a human face on what happened to Finnish therapy patients of the Vastaamo clinic. The Vastaamo hack, extortion attempt, and data dump was one of the worst breaches of 2020 and an absolute nightmare in terms of a breach exposing personal and sensitive information. And what first appeared to be a horrifying breach became a scandalous breach when it was later learned that an earlier breach had been covered up instead of properly remediated. Today’s piece by Ralston is not his first piece on the Vastaamo incident but is well worth reading – not only to appreciate the human impact of breaches, which can be not only severe but long-lasting, but also because this is one of those incidents that entities should never forget and should strive to prevent every day in their own facilities and organizations. Read the story on Wired.
Graham Cluley reports: Vastaamo, the Finnish psychotherapy practice that covered up a horrific security breach which resulted in patients receiving blackmail threats, has declared itself bankrupt. Read more on Hot for Security.
William Ralston reminds us how devastating the Vastaamo breach and ransom incident has been: Jukka-Pekka Puro will never forget 2017. Facing the heartbreak of a divorce, Puro, a university lecturer in Turku, southwestern Finland, found himself tussling with depression. This spiralled into suicidal ideations when doctors told him he had aggressive kidney cancer, and no more than a few years to live. He knew he needed professional help. Puro turned to Vastaamo, a private company that runs 25 therapy centres across Finland, and sub-contracts psychotherapy services for Finland’s public health system. Through a handful of therapy sessions he divulged intimate details about his personal life and mental health issues and slowly came to accept that he was soon going to die. Read more on Wired.
The Finnish Government has decided on measures to help victims of identity theft and to improve personal identity protection. The Ministry of Social Affairs and Health will firstly ensure that the victims of the data breach at Psychotherapy Centre Vastaamo continue to receive the necessary psychosocial and other support. Support will continue to be provided through a number of different operators and channels for as long as is required. The Ministry will also monitor and coordinate the aftercare of the situation within the healthcare and social welfare services system. Read more on Security Document World.