Huge data breach in Finland shocks citizens and politicians alike

Psykoterapiakeskus Vastaamo website. [Shutterstock/Casimiro PT]

The hacking of private psychotherapy centre Vastaamo last week has allowed sensitive and secret information of presumably tens of thousands of clients, including children, to land in the hands of cybercriminals, sending shockwaves across the nation and revealing loopholes in data security. The government has already set up helplines to assist those who have been hacked.

The hackers held Vastaamo and its clients for ransom, demanding 40 bitcoins worth about €450,000 from the company and between €200 and €500 from patients, who had received emails demanding the money in exchange for the data not being published online.

The hackers have also leaked the sessions and notes of some 300 patients on a Tor site.

The Helsinki-based company, which operates in 22 locations across the country and employs some 300 psychotherapists, said it “deeply regrets” the leak.

The incident is currently being investigated by the Finnish Cyber Security Centre and the National Bureau of Investigation and anonymous experts from the hacker community have offered their help. The company’s data protection protocols will also be investigated. .

Key government ministers held a crisis meeting on Sunday (25 October) given the scale and rarity of this cyber crime, after which Finnish President Sauli Niinistö stated: “this affects us all”.

Mikko Hyppönen, Chief Research Officer at security company F-Secure tweeted that he can recall only one remotely similar case — the Centre for Facial Restoration incident in Florida in 2019. (Pekka Vänttinen |

Subscribe to our newsletters