·  Legal News, Analysis, & Commentary

Mental Health

Finland Will Attempt to Address Mental Health Records Breach

— June 5, 2023

The country will try individual responsible for psychotherapy cyberattack.

In a cyber attack in 2020, perpetrators hacked the medical records of a psychotherapy treatment center in Helsinki, Finland, and threatened to release those records online unless the center paid 40 bitcoins. When the Vastaamo clinic failed to pay, the perpetrators contacted patients individually and threatened to release their records through their emails. Cyber attacks on healthcare facilities have been on the rise in recent years and constitute a very brutal crime. For instance, in a cyber attack in February, hackers released naked photos of cancer patients online after targeting Lehigh Valley Health Network. After two-and-a-half years of dedicated police work, Finnish law enforcement is in the final stages of the investigation. A suspect was arrested by French police and was extradited to Finland in February. However, the suspect denies involvement. This case is a significant test of Finland’s legal system, especially since the police should gather their evidence and file the charges before October when the statute of limitations ends. 

One of the most significant challenges for this case is the number of victims and the volume of police reports, both of which will increase the difficulty of presenting the case by prosecutors considerably. A total of 33,000 patients were affected due to the hack and 15 prosecutors will have to go through evidence and statements from around 24,000 of those patients.

Finland Will Attempt to Address Mental Health Records Breach
Photo by Lee Campbell from Pexels

The investigation was slowed down considerably due to the police having to wait on data from tech providers based out of Finland. Although the police believe that all the victims were from Finland, proving the data theft was another matter entirely since tech providers in some countries took two to three weeks to respond while others took as much as two years.

The prosecutors will have to spend an estimated 10 minutes reviewing each of the reports as they decide which of them to use in court, which makes the entire process very slow.

The logistics of the trial will also be another significant challenge since Finnish courts are required legally to accommodate all the victims who wish to be present for the trial. Guaranteeing the anonymity of the victims will be very challenging if thousands of people end up showing up for such a high-profile case.

Finally, even if the case is tried and the suspects are convicted, it will be almost impossible to remove all the leaked information from the internet. The internet always remembers, and it is impossible to delete every instance of when the information was shared, especially since it is challenging to track every point of dissemination.

This case is going to be a significant challenge to Finland’s legal system but it will also be instrumental in the growth of the system. Although it has been stated that Finland’s legal system wasn’t built for such cases, the occurrence of such a case is proof that times are changing and the system needs to adapt. Individuals should also learn to protect their personal information whenever possible, especially since there isn’t a guarantee that any database is safe from hackers.


Join the conversation!