Hacked mental healthcare firm Vastaamo has told thousands of patients requesting records to collect their physical documents from one of five pick-up points while the company works on securing its email system. This has perturbed patients as the company has offices nationwide, but has only designated retrieval points in Helsinki, Espoo, Tampere, Turku and Oulu.
Patients have been eager to get their personal records after news emerged last month that personal data on as many as 40,000 patients may have fallen into criminal hands after a massive data breach that led to extortion attempts.
Vastaamo said it had chosen the five locations for data security reasons, telling Yle the company would only hand over documents personally and that patients needed to show ID.
Heini Pirttijärvi, Vastaamo’s new board chair, said customers’ consternation was understandable.
"They want their information as quickly and as easily accessible as possible," she told Yle.
Vastaamo is currently setting up an email system requiring robust identification so that patients would be able to access their records electronically, Pirttijärvi explained.
Building the new system could take a few days, she said, adding: "We’ll have a more accurate timeline after this week."
On Thursday the government unveiled security measures in response to the Vastaamo data hack. In the future all firms offering social and healthcare services will be required to join the national Kanta service, a database system that requires enhanced electronic recognition with banking codes for access.