A link to about 30,000 files containing sensitive patient information and records has been posted to the Tor dark web network on Tuesday night.
According to Yle’s information, at least some of the published material relates to the hacking of private mental health services firm Vastaamo.
The psychotherapy clinic’s patient records first appeared on the Tor network in October 2020, shortly after reports of the database leak and subsequent blackmail attempts emerged.
The hacker, or hackers, who stole the patient's data from Vastaamo’s database has tried to extort money from both the company and its customers.
However, police now suspect that the original blackmailer made the patient data widely available, apparently by mistake. It is therefore possible that the data has now been published by a different person or group, and not the initial hacker.
Dissemination of sensitive patient and personal information is a criminal offence. In some cases, viewing the data may also be considered a crime, according to Professor of Public Law Tomi Voutilainen from the University of Eastern Finland, as explained to technology magazine Mikrobitti last October.
“It is a question of interpretation as to whether such viewing of another persons' sensitive information can be considered a data protection offence,” Voutilainen said.
Police are investigating the Vastaamo hacking as aggravated invasion of privacy, aggravated blackmail and aggravated dissemination of information that violates privacy.
In addition, Vastaamo staff are suspected of a data protection offence.
The company is set to hold an extraordinary general meeting (EGM) on Thursday, where it is expected to decide on the future of the psychotherapy centre’s operations. CEO Heini Pirttijärvi as well as the entire board of directors have all announced their resignation in advance of the EGM.