YLE reports:
Helsinki District Court handed a three-month suspended sentence to the former CEO of a psychotherapy firm targeted in a major data breach.
The court found the ex-CEO of Vastaamo, Ville Tapio, guilty of a data protection crime because he did not fulfil General Data Protection Regulation (GDPR) requirements, in terms of the pseudonymisation and encryption of patient data handled by the center.
Read more at YLE.
See our past coverage of the Vastaamo hack and extortion attempts on DataBreaches. Julius ‘zeekill’ Kivimäk, formerly of Lizard Squad, was arrested in France in February. The clinic itself had been fined for the breaches and declared bankruptcy. The CEO faced a number of charges including covering up breaches, but this current issue was about the failure to adequately protect the sensitive therapy data.
Unlike U.S. law, prosecutors in Finland can appeal decisions. Whether they will appeal the suspended sentence remains to be seen.