Officers at the National Bureau of Investigation (KRP) are continuing the pre-trial investigation into the hacking of Psychotherapy Centre Vastaamo. (Emmi Korhonen – Lehtikuva)


A HANDFUL OF EMPLOYEES at Psychotherapy Centre Vastaamo are suspected of data protection offence by the National Bureau of Investigation (KRP), reports Helsingin Sanomat.

Marko Leponen, the officer leading the pre-trial investigation at KRP, stated to the newspaper last week that fewer than 10 employees are suspected of wrongdoing but declined to comment on further details, such as the identities and current employment statuses of the suspects.

Read more:

Information obtained by the newspaper indicates that one of the suspects is the former chief executive of the service provider, Ville Tapio.

Leponen said the aim of the investigation is to determine whether any of the employees had, deliberately or through gross negligence, facilitated the hacking of the client database of Psychotherapy Centre Vastaamo in November 2018. The issue, he added, is being investigated in co-operation with the data protection ombudsman of Finland.

Sensitive information on up to tens of thousands of psychotherapy clients is believed to have been compromised in the hacking. Some of the information has since been published online by an extortionist demanding a payment of hundreds of thousands of euros from Vastaamo.

Many data security experts have viewed that the service provider had not developed its data security systems to the standards expected today.

Tapio broke his media silence on the issue – which he had justified by saying he had been prohibited from talking to the media by the board of directors – by speaking to Wired on Wednesday, 9 December. He stated, for example, that inaccuracies in the claims made by the extortionist suggests the extortionist and hacker are not the same person.

“What the extortionist is saying is incorrect,” he stated to the news outlet. “The technical details do not match.”

Aleksi Teivainen – HT