Vastaamo ran the largest network of private mental-health providers in Finland. William Ralston tells the story on WIRED, including how hackers used its patient data to threaten patients.
A security flaw in the company’s IT systems had exposed its entire patient database to the open internet—not just email addresses and social security numbers, but the actual written notes that therapists had taken. A group of hackers, or one masquerading as many, had gotten hold of the data.
What an incompetent company. No anonymization of patient records, no encryption of data. In other words, unfortunately common. Two developers hired at Vastaamo were even arrested in a previous security breach.