THE CHIEF EXECUTIVE of Psychotherapy Centre Vastaamo knew about the hacking of the service provider’s server for 18 months before the hacking was made pubic, Tuomas Kahri, the board chairperson at Vastaamo, revealed to Ilta-Sanomat on Monday.
Vastaamo, he added, has also relieved from duties its first and only chief executive, Ville Tapio. Tapio had been suspended from his duties about 10 days earlier.
The psychotherapy centre has determined that its database was hacked in November 2018. Nixu, a Finnish cybersecurity company, found later in its investigation that the centre was targeted also in another hacking, in March 2019.
“It’s very likely that the chief executive has known about the issue at that point,” Kahri stated to Ilta-Sanomat.
PTK Midco, a holding company owned by Intera Partners, has additionally launched civil proceedings in connection with the issue. While Kahri declined to comment on the measures linked to the proceedings, they may include asset-related precautionary measures such as seizures and the prohibition of disposal of property.
Intera Partners acquired a majority stake in Vastaamo in June 2019, after finding no indication of the data breach in the due-diligence audit conducted leading up to the acquisition. Tapio neglected to tell the new owner about the hacking, according to Kahri.
“If others knew about it inside Vastaamo, it had to have been a very small group of people,” he said to Ilta-Sanomat.
Vastaamo has stated that while the exact sequence of events remains partially unclear, it is obvious that its data security measures had been lacking, allowing hackers to infiltrate its database prior to mid-March 2019. The oversight was announced yesterday in conjunction with the firing of the chief executive, reported YLE.
“Due to the judicial nature of the matter and the ongoing enquiries and investigation, I can’t publicly comment on the matter in more detail,” Kahri said to YLE on Monday.
Aleksi Teivainen – HT