Authorities are working to trace patients who received emails threatening to disclose personal information until the recipient pays the blackmailer. Some records have already been leaked online.
Finnish police are working with other agencies to investigate data breaches targeting the country’s largest private psychiatric center, Vastra, which treats about 40,000 patients across the country.
“We are grateful for the various actors in the community who have helped the police,” said Marco Leponen, a detective inspector at Finland’s National Bureau of Investigation. “It’s especially great that citizens are urging everyone not to share this content on social media. Sharing such information completes the essential elements of crime,” he added.
Some of the victims have received emails demanding payment in Bitcoin to prevent public disclosure of their personal information, which officials are discouraging victims from doing so. Instead, agencies can receive extortion emails and other potential evidence from those patients that they may receive and file a police report. Police have also discouraged people from paying hackers, saying they would not keep their data private.
Finnish leaders have expressed outrage at the breach and said the victims need immediate support.
Finland’s Prime Minister Sanna Marin said on Twitter on Saturday that the data breach was shocking in many ways. “Victims now need support and assistance. Ministries are looking for ways to help victims. Action by municipalities and organizations is also needed.”
The country’s president, Sally Nininist, told Yale News on Sunday that the breach was “brutal.”
He said, “We all have our inner personality that we want to protect. Now it has been violated.”
Vastramo said it has launched an internal investigation into the matter and admitted on its website on Monday that its patient database was first accessed by hackers in November 2018. The security vulnerabilities remain the same until March 2019, the company said. The company also announced it on Monday. Its CEO, Villetio Pio, was fired when he found out he had hidden the breach from the company’s board and parent company.
Trump said he was unaware of the initial data breach in November 2018, in a statement released on his Facebook page on Monday evening.
Finland’s transport and communications agency, Traffic, said on Monday it had worked with other public officials to set up a website to help victims.
“In this situation, there is a need to provide up-to-date information in one place,” said Kirsi Karmalama, Director General, Trafficcom. “We hope the site is useful to them in this difficult situation.”
CNN’s Sharif Page contributed to this Atlanta report.
.
