There’s a small update to the horrific breach involving Finnish psychotherapy patients seen at Vastaamo locations.
Vastaamo’s CEO Ville Tapio has been fired. Graham Cluley brings us up to date on that:
An investigation has uncovered that the database of customer details and therapy session notes was first breached in November 2018, but there was another security breach in mid-March 2019 which apparently CEO Ville Tapio knew about but – for reasons best known to himself – did not inform the appropriate authorities or with other members of Vastaamo’s board.
News of Vastaamo’s devastating data breach was not made public until 18 months later on October 21, 2020, and Tapio was dismissed yesterday.
So there was a second breach, it seems, and it wasn’t just one bigger breach. Okay.
Another new revelation may not be related to the specific breach as much as sloppy data security and violation of GDPR. YLE.fi reports:
The troubled psychotherapy centre Vastaamo sent at least some of its customers invoices that included their government-issued personal ID numbers in unsecured emails.
The private mental health services firm has been at the centre of a hacking and blackmail scandal for the past week after it emerged that highly sensitive information on thousands of patients had been stolen from its database.
Read more about that issue on YLE.fi.
OMG I wonder what happened to the patients if they’ve been blackmailed or what
Read the original coverage. They’re being extorted. This is one of the worst breaches ever.