Skip to content

Suspected Vastaamo psychotherapy centre hacker extradited from France to Finland

A well-known Finnish hacker is suspected of intentionally leaking sensitive personal information about thousands of mental health patients and attempting to extort cryptocurrency from them.

julius kivimäki.
Julius Kivimäki has a long criminal record of cybercrimes, dating back to age 15. Image: Europol, Juha Kemppainen / Yle, grafiikka: Aalto Puutio / Yle
Yle News

Julius Kivimäki, a hacker suspected of stealing tens of thousands of psychotherapy patient records, has been extradited to Finland after his arrest in France earlier in February.

His lawyer, Peter Jaari, said on Saturday that the 25-year-old suspect had been transferred to Vantaa Prison near Helsinki.

Kivimäki was taken into custody near Paris on 3 February during a routine police check. He was on the run from a European arrest warrant issued by Finnish police last October. French authorities approved his extradition last week.

"The aim is to interview the suspect as soon as possible," said Detective Chief Inspector Marko Leponen, who is heading the investigation.

"Shocking act"

The probe concerns the 2018 and 2019 hacking of the Finnish company Vastaamo, which manages dozens of psychotherapy centres around the country.

Confidential treatment records of tens of thousands of psychotherapy patients in Finland were stolen. Some records, including highly sensitive personal information, were posted on the dark web. When the leak came to light in October 2020, then-Interior Minister Maria Ohisalo (Green) called it "a shocking act".

Many patients received emails demanding that they pay 200 euros in bitcoin to prevent their discussions with therapists from being made public.

After the leak was made public, the government held a crisis meeting over the unprecedented data breach, as distressed psychotherapy patients flooded mental health groups for support. Authorities estimate that data from more than 30,000 victims was leaked.

Kivimäki, who was born in Espoo in 1997, now uses the name Aleksanteri Kivimäki. He has been convicted of various counts of cybercrime, fraud and money laundering, as well as some 50,000 data breaches carried out with a hacker group in over 100 countries.

Kivimäki has been linked to attacks on websites associated with the US Air Force, various police agencies, and firms such as American Airlines, Sony and Microsoft. His first criminal conviction for hacking came at the age of 15.

Latest: paketissa on 10 artikkelia