THE NATIONAL BUREAU of Investigation (KRP) on Monday stated that it has concluded its pre-trial inquiry into data security practices at Psychotherapy Centre Vastaamo, revealing that three employees in charge of data security are suspected of data protection offences.
The case will now be presented to a prosecutor for consideration of charges.
Marko Leponen, the detective chief inspector in charge of the inquiry at KRP, on Monday told Helsingin Sanomat that the inquiry focused on the state of data security and data protection practices at the psychotherapy centre before and after what appears to be a series of hackings that led to the release of sensitive information on thousands of customers in the dark net.
The data breach was detected in autumn 2020. The first hacking, though, is believed to have taken place as early as in 2018.
Leponen said the three suspects have largely denied the criminal accusations and provided conflicting statements about how the events unfolded and the distribution of data security responsibilities.
The inquiry, he stated, was challenging because it entailed collecting and examining large quantities of technical data. The pre-trial investigation into the data breach itself is still ongoing.
“It has been under active investigation for two years, and the investigation is still ongoing. It looks like we should be able to clear it up at some point,” commented Leponen. “The investigation hasn’t hit a wall.”
He declined to speculate on the timetable for the investigation, saying the investigators are moving forward “one day, one week and one month” at a time.
KRP has previously revealed that “one interesting line of investigation” points to outside Europe. Psychotherapy Centre Vastaamo was declared bankrupt in February 2021.
Aleksi Teivainen – HT