Authorities are working to locate patients who receive threatening emails disclosing personal information unless the recipient pays the blackmailer. Some records have already been leaked online.
Finnish police are working with other agencies to investigate the data breach, which targeted Vastamo, the country’s largest private psychiatric center, which treats about 40,000 patients nationwide.
Marco Laponen, a detective inspector at Finland’s National Bureau of Investigation, said: “We are grateful for the support of the police in various aspects of society. “It’s especially great that citizens are urging everyone not to share this content on social media. Sharing such information meets the essential elements of a crime,” he added.
Some victims have received emails demanding payments in Bitcoin to prevent the public disclosure of their personal information, prompting authorities to discourage victims from doing so. Instead, the agencies are asking patients to protect the confiscated emails and other possible evidence they have received and may file a police report. Police have also discouraged people from paying hackers, saying it will not ensure their data remains private.
Finnish leaders have expressed frustration over the violation and said the victims needed immediate help.
The Prime Minister of Finland Sana Marin said on Twitter on Saturday, “This data breach is shocking in many ways. “Victims now need help and assistance. Ministries are exploring ways to help victims. Action by hospitals and organizations is also needed.”
The country’s president, Solly Ninisto, told Yale News on Sunday that the violation was “brutally brutal.”
“We all have our own inner personality that we want to save. Now it has been violated,” he said.
Vastamo said it had launched an internal investigation into the case and on Monday acknowledged on its website that its patient database had been accessed by hackers in November 2018. The company said security vulnerabilities continued until March 2019. The company also announced on Monday that its CEO, Vile Tapio, had been fired after it was discovered that he had hidden the breach from the company’s board and parent company.
Tapio said he was unaware of the breach of the initial figures in November 2018, in a statement released on his Facebook page on Monday evening.
The Finnish transport and communications agency, Trafficcom, said on Monday it had worked with other public authorities to set up a website to help victims.
“In this situation, there is a need to provide up-to-date information in one place,” said Kirsi Karilama, Director-General, Traffic. “We hope this site is useful to them in this difficult situation.”
CNN’s Sharif Page contributed to this report from Atlanta.