Issue #14

Vastaamo Hacker Sentenced

Ahoy there, fellow Netizens!

Before getting to this week’s story, I have a quick announcement. Going forward, I’ll be sending this newsletter out once every two weeks instead of once every week. I hope you’ll continue to enjoy the newsletters, even though they’ll be a little less frequent!

Now, let’s talk about Julius Kivimäki, a 26-year-old Finnish hacker who was sentenced to prison earlier this week for his attack on Finnish psychotherapy provider Vastaamo.

Kivimäki breached Vastaamo in 2018 and stole sensitive patient data, including notes about patient therapy sessions. In 2020, he demanded a payment of 40 Bitcoin from Vastaamo in exchange for him not publishing patient files on the dark web. When Vastaamo refused, Kivimäki contacted individual patients and threatened to release their therapy notes unless they paid a ransom.

Despite some patients paying the ransom, all the files were ultimately released on the dark web. The attacker also accidentally included a copy of his home folder, which helped identify Kivimäki as the perpetrator of the attack.

Given the sensitive nature of the therapy notes, it is not surprising that a number of suicides have been linked to the Vastaamo hack. Kivimäki, however, reportedly claimed while extorting patients that he did not care if they were driven to suicide.

Kivimäki was sentenced to six years and three months in prison, which was just shy of the seven-year maximum prosecutors were aiming for. Several months were knocked off of the maximum sentence since he was willing to pay compensation to the victims.

However, Kivimäki has denied the charges and will probably appeal the ruling.

Until next time, stay safe out there!