Expert: Psychiatric centre data breach a "wake up call"

A leading cyber security expert says stronger encryption would have better protected sensitive personal data.

Kimmo Rousku says many companies are not keeping up to date with developments needed to secure data. Image: Yle

Finland is less well prepared for major digital disasters than, for example, natural catastrophes, according to one cyber security expert.

Kimmo Rousku, the chief expert in data security affairs at Finland's Digital and Population Data Services Agency (DVV), says that corporate managers in the country need to be more aware of the threats to data security.

His comments come in the wake of the news that the database of the privately-run psychotherapy centre Vastamo was recently hacked and that sensitive information about its clients was leaked, some of which has been released on the Tor network.

The data is being exploited in an extortion scheme targeting Vastamo and its clients by threatening to publish more information if payment demands are not met.

Thousands of victims of the data breach have filed criminal reports, according to the National Bureau of Investigation.

Interviewed on Yle Monday morning, Rousku said that if Vastamo's data had been better encrypted, it would have been more difficult to use the information for criminal purposes.

"Now the management should wake up. We are publishing a checklist for corporate mangers today. There are nine points that every company’s management should go through this week and make sure that the company has technical security issues in place," he explained.

Rousku stressed that putting measures in place to ensure data security "is not rocket science". There do exist means for companies to thwart cyber attacks, but many are not keeping up to date with developments.

"These have been taken further forward over the past decade. But we [in Finland] have so many organisations that not all are prepared to meet current and novel threats. This now serves as major wake up call," Rousku said.

People who think their personal data may have been compromised can contact Victim Support Finland (siirryt toiseen palveluun) for guidance.