A Finnish court has given the former CEO of a chain of psychotherapy clinics a suspended jail sentence after he failed to adequately protect highly sensitive notes of patients’ therapy sessions from falling into the hands of blackmailing hackers.
Ville Tapio, the then-CEO of therapy clinic Vastaamo, was unceremoniously fired after a hacker stole the psychotherapy session notes related to tens of thousands of patients, published some of them on the dark web, and demanded a 450,000 Euro ransom.
To compound the pressure on innocent victims, the hacker, who went by the name “Ransom Man”, then actually emailed patients, threatening to release details of their individual psychotherapy sessions if they didn’t pay him their own Bitcoin ransom.
To rub salt into the wound, the hacker bragged about the poor state of Vastaamo’s security, saying that the company had used a username/password combination of “root/root.”

A subsequent investigation found that Vastaamo’s customer database and sensitive session notes had been first breached in November 2018, and then again in mid-March 2019. Despite CEO Ville Tapio knowing about the hack in 2019, he didn’t inform the authorities or other members of the company’s board, and it only became public knowledge 18 months later, leading to Tapio’s dismissal.
To make matters worse, the company’s database of patients’ contact details and therapy session notes was not properly encrypted, making it easy for extortionists to exploit the information.
Unsurprisingly, Vastaamo declared itself bankrupt as a result of the scandal.
This week, Helsinki District Court handed Ville Tapio a 3-month suspended sentence. The court said that the severity of the crime, and the length of time that the highly sensitive data was not adequately protected from falling into the wrong hands, meant that “Tapio should receive a jail sentence for the act.”
However, the court then said that as Tapio had no previous criminal record, it would impose a suspended sentence instead.
For his part, Tapio has denied committing an offence, and claimed that the responsibility for the breach fell on the shoulders of former members of the company’s IT team.
In February this year, French authorities revealed that they had arrested 25-year-old Julius “Zeekill” Kivimäki, a self-professed member of the Lizard Squad gang, in connection with the extortion attempt.
Finnish authorities had identified Kivimäki as presumably being “Ransom Man” after an examination of the 10GB file of Vastaamo’s data uploaded to the dark web found that it also included (presumably by accident) the entire contents of the home folder from his PC.
Once again, it’s clear that you don’t have to be a genius to be a cybercriminal. Or a therapy clinic’s CEO for that matter.