Finland’s Vastaamo Psychotherapy Breach: One of History’s Most Cruel Cyberattacks
In 2018, Finnish hacker Julius Kivimäki infiltrated the servers of Vastaamo Psychotherapy Center, a major mental health provider with dozens of clinics across Finland. The breach exposed highly sensitive data belonging to 33,000 patients, including names, addresses, phone numbers, Social Security numbers, and most damagingly confidential therapy session notes.
Unlike typical data breaches, this attack targeted an already vulnerable population: individuals seeking mental health support, many of whom were grappling with depression or anxiety. Kivimäki later attempted to extort Vastaamo’s CEO, Ville Tapio, demanding 100,000 euros in Bitcoin in exchange for not leaking the stolen records.
The incident stands out as one of the most ethically egregious cyberattacks in history, not only due to the scale of the breach but also because of the deeply personal and exploitative nature of the stolen data. The fallout underscored the severe risks of inadequate cybersecurity in healthcare, where the stakes extend beyond financial loss to psychological harm and long-term trauma for victims.
MediTechSafe, Inc. cybersecurity rating report: https://www.rankiteo.com/company/meditechsafe
"id": "MED1772360628",
"linkid": "meditechsafe",
"type": "Breach",
"date": "1/2018",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '33,000',
'industry': 'Mental Health Services',
'location': 'Finland',
'name': 'Vastaamo Psychotherapy Center',
'type': 'Healthcare Provider'}],
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': '33,000',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Names',
'Addresses',
'Phone numbers',
'Social Security numbers',
'Therapy session notes']},
'date_detected': '2018',
'description': 'In 2018, Finnish hacker Julius Kivimäki infiltrated the '
'servers of Vastaamo Psychotherapy Center, a major mental '
'health provider with dozens of clinics across Finland. The '
'breach exposed highly sensitive data belonging to 33,000 '
'patients, including names, addresses, phone numbers, Social '
'Security numbers, and confidential therapy session notes. The '
'attacker later attempted to extort Vastaamo’s CEO, demanding '
'100,000 euros in Bitcoin in exchange for not leaking the '
'stolen records. The incident is considered one of the most '
'ethically egregious cyberattacks due to its targeting of '
'vulnerable mental health patients.',
'impact': {'brand_reputation_impact': 'Severe',
'data_compromised': 'Highly sensitive patient data, including '
'therapy session notes',
'identity_theft_risk': 'High',
'systems_affected': 'Vastaamo Psychotherapy Center servers'},
'lessons_learned': 'The incident underscored the severe risks of inadequate '
'cybersecurity in healthcare, particularly for vulnerable '
'populations. It highlighted the need for stronger '
'protections for sensitive mental health data.',
'motivation': 'Extortion',
'post_incident_analysis': {'root_causes': 'Inadequate cybersecurity measures'},
'ransomware': {'data_exfiltration': 'Yes',
'ransom_demanded': '100,000 euros in Bitcoin'},
'threat_actor': 'Julius Kivimäki',
'title': 'Finland’s Vastaamo Psychotherapy Breach',
'type': 'Data Breach, Extortion'}