The privately-run psychotherapy centre Vastamo announced that sensitive information about its clients was leaked after its database was recently hacked, according to a company release issued on Wednesday.
The Helsinki-based company said that the hackers who stole the data made attempts to extort money in exchange for its return.
Vastamo's board chair, Tuomas Kahri, told Yle that the National Board of Investigation is looking into the matter.
However, Kahri did not reveal the amount of personal data that was leaked, nor when the centre's database was hacked.
In its announcement about the incident on its website, the company said that customer data entered to the database after November 2018 had not been compromised. The firm said it had also contacted the National Cyber Security Centre, the National Supervisory Authority for Welfare and Health (Valvira) and the Office of the Data Protection Ombudsman about the matter.
The company statement said its data security systems had undergone an audit and are being more effectively monitored.
Tabloid paper Ilta-Sanomat was first to report on the matter. The publication said it had seen what it described as personal information about patients posted online, including sensitive data including their names.
"As a company that provides psychotherapy services, the confidentiality of customer information is extremely important to us and is the starting point of all our operations. We deeply regret the leak due to the hack. We are constantly developing our information security and data protection, and we will take additional measures when our internal investigations and regulatory probes are complete," Kahri said in the statement, adding that the firm had not announced the leak previously due to the ongoing police investigation.