Finland Drafting New Legislation Following Cyber-Attack on Psychotherapy Center

The government of Finland is responding to a cybersecurity incident disclosed in October that left up to 40,000 Finns at risk of identity theft, fraud and extortion.

The widely reported cyber-attack on psychotherapy center Vastaamo last month has convinced Finnish officials to usher in new legislation to “allow citizens to change their personal identity codes in cases of gross data breaches that carry a high risk of identity theft,” the AP reports.

The Finns” personal ID codes allow them to access most public and many private services and is painstakingly difficult to change under current law. Legislation being drafted in light of the Vastaamo attack would make the process slightly easier, according to the AP report.

“The work will start immediately, and the laws will be completed by the beginning of next year,” said Local Government Minister Sirpa Paatero, who is in charge of the Finnish government”s electronic services.

Following the hack, Vastaamo patients started receiving demands of ransom in exchange for keeping their information private. During an exchange with the alleged extortionist, a local news site said the perp didn”t care if their actions could push some patients to suicide.

The AP report says Finnish police estimate that up to 40,000 clients of the Vastaamo psychotherapy clinic may have had their data compromised in not one, but two subsequent breaches in 2018 and 2019.

Vastaamo, for its part, has also been taking diligent steps to address the situation in the past few weeks. Its latest move has been to appoint new board members with a track record of addressing tough situations in trying times, including a new chairman of the board and an attorney.

“The hacking into the reception room has shocked the whole society,” says Heini Pirttijärvi, Vastaamo”s newly-appointed chairman, in a press release issued on November 9.

“For my part, I want to help in this exceptional situation,” added Pirttijärvi. “I think my experience will help when we look for solutions to the situation. The Board is committed to doing its utmost to strengthen customer confidence and support customers who have been compromised. Naturally, we will also continue to co-operate with the authorities investigating what happened.”