In a significant breach of privacy, a hacker allegedly broke into the patient database of a Helsinki-based psychotherapy chain, leaking mental health records online. The incident, which came to light in October 2020, affected approximately 33,000 patients of the now-defunct Vastaamo clinic. In a recent development, Finnish prosecutors have charged the alleged perpetrator, 26-year-old Aleksanteri Tomminpoika Kivimäki, with multiple counts of extortion and data leakage. This article provides a detailed account of the hacking incident, the charges against Kivimäki, the impact on the clinic and its patients, as well as the previous criminal history of the accused.
Details of the Hacking Incident
The breach at the Vastaamo clinic resulted in a significant violation of privacy for thousands of patients seeking mental health services. Kivimäki is believed to have gained unauthorized access to the patient database on two occasions, first in November 2018 and then again in March 2019. The incident came to public attention in October 2020 after leaked information was discovered online.
Charges Against the Hacker
Finnish prosecutors have brought forth a range of charges against Kivimäki in relation to the breach. These include an astounding 9,598 counts of aggravated dissemination of information violating personal privacy, 21,316 counts of attempted extortion, and 20 counts of aggravated extortion. The charges reflect the severity of the breach and the impact it had on the clinic’s patients.
Prosecutors’ Sentencing Recommendation
Given the gravity of the charges, prosecutors are seeking a substantial prison sentence for Kivimäki. They argue that he should be sentenced to at least seven years behind bars. The recommended sentence takes into account both the extensive nature of the breach and the potential harm caused to the victims.
Arrest and Domestic Disturbance Incident
In February, French police arrested Kivimäki after responding to a domestic disturbance call in suburban Paris. It was during this encounter that authorities apprehended the alleged hacker. The circumstances surrounding the domestic disturbance incident were not disclosed.
Impact on Vastaamo Clinic and Victims
The breach had severe implications for both the Vastaamo clinic and its patients. Upon detecting the unauthorized access, the clinic not only experienced significant reputational damage but also received an extortion demand of 450,000 euros in bitcoins. Furthermore, the leaked patient database was exploited by cybercriminals for fraudulent activities, putting the affected individuals at risk.
Magnitude of the Hacking Incident
Regarded as the largest hack ever recorded in Finland, the breach at Vastaamo impacted a staggering total of 33,086 victims. The sheer scale of the incident underscores the urgent need for robust cybersecurity measures to protect sensitive personal data.
Past Criminal History of the Hacker
This is not the first time Kivimäki has faced charges related to cybercrimes. In the previous decade, when he was just 17 years old, a Finnish court found him guilty of 50,700 instances of aggravated computer break-ins. His hacking spree targeted various US universities and the database provider MongoHQ.
The charges brought against Aleksanteri Tomminpoika Kivimäki for leaking mental health records and extorting victims reflect the serious nature of the breach that occurred at the Vastaamo clinic. Authorities are seeking a minimum seven-year prison sentence for the accused, highlighting the significance of the case. The incident not only had a profound impact on the clinic and its patients but also exposed the vulnerabilities of our digital world, emphasizing the need for enhanced cybersecurity measures to protect personal information. As the case progresses, it will be pivotal in setting a precedent for future cybercrime prosecutions and the safeguarding of sensitive medical data.