Psychotherapy centre Vastamo’s information system may have been subject to two separate data breaches, the company said in a press release on Saturday night.
Earlier this week, Vastaamo announced its patient database had been hacked and that extortionists were demanding payment of nearly half a million euros for the data's return.
The first breach reportedly took place in November 2018. The blackmailer has already published sensitive information of at least 300 people online.
The company said that its systems had probably been hacked a second time between the end of November 2018 and March 2019.
Vastaamo said it is not possible to identify whose data was stolen in the breach. Oulu-based newspaper Kaleva was the first to report on the second attack.
Vastaamo treats patients for the Oulu and Tampere university hospital districts, including children and youth.
Interior Minister: This is a very serious hack
Interior Minister Maria Ohisalo (Green) said on Saturday that the hacking of the psychotherapy centre must be taken very seriously. According to her, key government ministers convened urgently to discuss the matter and plan further actions.
"Discussions have already taken place with key ministers, but concrete measures needed still need to be reviewed," Ohisalo said.
According to Ohisalo, cybersecurity threats have an impact not only Finnish society but also internationally.
"First of all, this is not the first time and certainly, not the last time either. This is a very serious hack," she added.
The minister highlighted the plight of the victims above all else.
"Their distress is acute and they should be taken care of as well as possible."
According to Ohisalo, crisis aid must be provided by all possible means.