Finnish psychotherapy patients risk having secrets made public after hack

Richard Orange
·2 min read
The blackmailers demanded €200 not to publish details of therapy sessions online - AFP
The blackmailers demanded €200 not to publish details of therapy sessions online - AFP

Thousands of psychotherapy patients in Finland risk having their most painful and intimate secrets made public, after one of the country's largest private psychotherapists was hacked. 

Current and former patients of Vastaamo, which runs 25 centres across Finland, began receiving blackmail emails from Friday,  two days after the company first went public about the data breach.

"What makes this case unique is the large number of victims and how sensitive and personal the information is which the blackmailers have obtained," Marko Leponen, the police commissioner leading the investigation into the breach, said at a press conference on Sunday.

He said that police could not yet rule out the involvement of both domestic and international criminals. 

The blackmail emails, which include the victims' personal numbers, demand a €200 bitcoin payment, which doubles to €400 if not paid within 24 hours. 

If the victim does not then pay within a further 24 hours, the blackmailers threaten to make their notes public, including full transcriptions of psychotherapy sessions. 

One victim told Finland's state broadcaster Yle that he had found the email when he searched his junk folder after the breach was publicised.   

"This blackmail message caused floods of tears," he said. "The situation is really distressing."

There were several things he had told his therapist that he would not want to be made public, he confirmed. 

"I told him all my bad feelings there, but after that I said that I could do it alone, and I didn't go on."

Vastaamo said on Wednesday that it had been approached by the blackmailers and decided not to meet their demands. 

In a further press release on Sunday, it said that it "deeply regretted" the breach, which it said appeared to have taken place between November 2018 and March 2019.

Security experts told the Helsingin Sanomat newspaper that a 10-gigabyte data file containing psychotherapists' notes on 2,000 patients had appeared on websites hidden on the so-called 'dark web'.

Victim Support Finland, a support line run by the Red Cross and five other charities, said that the number of calls from worried crime victims had leapt eight-fold on Friday as Vastaamo clients received the mails.

The Red Cross has now launched a special line for victims of the leak, together with the charity Mental Health Finland.