Vastaamo data breach

Vastaamo data breach

Vastaamo was a Finnish psychotherapy provider whose patient database was compromised. Attackers later used therapy records in extortion attempts against both the organization and individual patients.

Finland’s data-protection authority found that Vastaamo had failed to implement adequate security measures and had not reported the breach when it became aware of it. The authority imposed an administrative fine in 2021.

The incident in Case for privacy and security shows why clinical notes are not ordinary account data. They can expose trauma, relationships, diagnoses, and statements made under an expectation of confidentiality. Incident response can reduce further exposure but cannot restore the therapeutic privacy already lost.

Sources

  1. tietosuoja.fi