Authorities are working to track down those patients who receive emails threatening to disclose personal information unless the recipient pays the hacker. Some records have already been leaked online.
Finnish police are working with other agencies to investigate data breaches targeting Vastaamo Center, the country’s largest private psychiatric clinic, which treats about 40,000 patients nationwide.
Marko Leponen, chief investigator of the Finnish National Bureau of Investigation, said: “We are grateful the actors in the community helped the police.” “It’s a great thing, especially citizens, to urge everyone not to share this document on social media. Such sharing of information constitutes a critical element of the offense,” he added.
Some victims receive e-mails demanding payment in bitcoin to prevent the disclosure of their personal information, which authorities are blocking victims from doing so. Instead, organizations require patients to save promotional emails and other possible evidence they may receive and file a police report. Police also restrained people from paying hackers, saying it would not guarantee their information remained confidential.
Finnish leaders have expressed concern over the violation and say the victims need an urgent need for anonymity.
“This data breach is shocking in many ways,” Finnish Prime Minister Sanna Marin said on Twitter on Saturday. “Victims now need support and assistance. Ministries are looking for ways to help the victims. The actions of municipalities and organizations are needed.”
The country’s president, Sauli Niinistö, told Yle News on Sunday that the violations were “relentlessly brutal.”
“We all have our inner selves that we want to protect. Now it has been violated,” he said.
Vastaamo said it has initiated an internal inquiry into the matter and admitted on its website Monday that its patient database was first logged in by hackers back in November 2018. The company said security breaches continued until March 2019. The company’s CEO was fired, according to the company.
Tapio said he was unaware of the initial data breach in November 2018, in a statement released Monday evening on his Facebook page.
The Finnish Telecommunications and Communications Agency, Traficom, said Monday that it was working with other public authorities to set up a website to help victims.
Kirsi Karlamaa, director of Traficom, said: “In a situation like this, there is a need to keep up-to-date information in one place.” “We hope the site is useful to them in this difficult situation.”
CNN’s Sharif Paget contributed to this report from Atlanta.