The patient information of 30,000 people was exchanged for the hacker who broke into the computer systems of Vastamoo in 2018 and 2019. The attack only became public knowledge after the company informed about it on October 21, 2020. A couple of months in advance, an email had ticked in to the company’s management with a demand for 40 bitcoin in ransom. At the time, it was equivalent to almost five million kroner. When the claim was rejected, the attacker began making claims against each individual patient. Published on the web To put power behind the claim, the hacker also began to publish hundreds of documents with sensitive health information on the dark web. Some of the journals belonged to Finnish politicians and police officers, according to Wired. Among those who were pressured for money was the parliamentarian Eeva-Johanna Eloranta. She was required to pay 500 euros in bitcoin after information about her was said to have been spread online. The information that was leaked included the patients’ names, addresses and social security numbers. But perhaps worst of all: The psychotherapists’ notes from the treatment. The general manager of Vastamoo resigned a few days after the scandal became known. The company was declared bankrupt in February 2021. The company was criticized by the Finnish Data Protection Authority for having insufficient security and for not notifying its patients when they became aware of the attack. Long hacker career In October last year, the Finnish police released the name of the person they suspect of being behind the computer attack and the extortion. Aleksanteri Julius Kivimäki was wanted by name and photo through Europol. He was arrested in France on 3 February this year. On Saturday he was extradited to Finland, according to Yle. According to his defender Peter Jaari, Kivimäki is now in custody in Vantaa prison near Helsinki. – We hope to be able to question him as soon as possible, says investigative leader Marko Leponen to the Finnish public broadcaster. Kivimäki has denied that he has anything to do with the Vastaamo burglary. He has a long history of similar crime and has been convicted of computer crime, fraud and money laundering. He received his first sentence as a 15-year-old. Kivimäki is also said to have participated in around 50,000 data breaches together with an international hacker group. Among other things, the attacks are said to have been aimed at the US Air Force, Sony and Microsoft.
ttn-69