Ransom Man: A Shocking Data Breach at a Finnish Psychotherapy Service
Vastaamo Psychotherapy Centre was accessible, affordable, and a national success story — until a hacker brutally destroyed it and terrorized its patients.

Happy Tuesday!

“We all have some thoughts we’d never write down. Perhaps we wouldn’t even feel comfortable saying them out loud. But we’d tell a therapist, if we thought our mental health depended on it. Now just imagine that a criminal had gotten hold of those thoughts, and was threatening to publish them for all the world to see. For 33,000 people in Finland, this was their reality. A living nightmare.”
So begins the tale of Ransom Man, the hacker who perpetrated the largest digital crime in Finland’s history.
Award-winning BBC journalist Jenny Kleeman traces the story from the first extortion email to the hunt to find the hacker and bring him to justice.
Do you want to understand the human dimension of hacking and how damaging it can be to real people? This is a painful human tragedy, including lives lost to suicide. Hear directly from the victims themselves, in their own words, in this stunning multi-part podcast.
— Anthony Collette
Founder, Loistava Information Security
Ransom Man: A shocking data breach at a Finnish psychotherapy service
What would you do if your deepest secrets were held to ransom? BBC investigates one of the world's most audacious hacks.
When a shocking data breach takes place at a Finnish psychotherapy service, the nation's darkest secrets are held to ransom by a faceless hacker. He calls himself ransom_man.
We all have some thoughts we'd never write down. Now, just imagine that a criminal had gotten hold of those thoughts, and was threatening to publish them for all the world to see if you didn't pay to stop him.
What kind of person is prepared to terrorise a nation like this? What lengths will people go to fight back? Listen to this podcast and you’ll discover that the origins of this dark crime stretch far beyond Finland — around the world and to unexpected places, bringing you face to face with victims, investigators, police and notorious hackers themselves.
This is a cautionary tale about something that could happen anywhere, to any of us, again and again.
Learn just how vulnerable our deepest secrets can be — and the enormous power that hackers now have to hold our inner lives ransom.
UPDATE: The hacker has been released from jail pending his appeal. And an American citizen living in Estonia has been charged by Finnish prosecutors with aiding and abetting the extortion of psychotherapy patients. For a concise summary of recent developments: https://www.bitdefender.com/en-us/blog/hotforsecurity/vastaamo-psychotherapy-hack-us-citizen-charged-in-latest-twist-of-notorious-data-breach
Link to the multi-episode BBC podcast. This intro is just 3.5 minutes long: https://www.bbc.co.uk/programmes/p0mt1k8x
Why did this hack happen, and is there anything we can do to avoid something like this in the future?
Vastaamo’s security practices were found to be inadequate: sensitive patient data wasn’t encrypted or anonymized and part of their system didn’t have a defined password. The company was fined 608,000 euros for violating EU data protection laws. Vastaamo’s patients trusted their therapy provider to keep their private information confidential, but Vastaamo didn’t implement the security safeguards to make that happen.
There was nothing their 33,000 patients could have done differently to avoid the data breach in this scenario. But they could avoid making the situation worse by exposing other online accounts to the hackers.
Let’s assume the hackers had access to the patients’ passwords. If that’s true, Vastaamo’s patients could have used a unique password for their Vastaamo account. That would have kept the hackers from using the same passwords to attack other online accounts.
What’s the best cybersecurity advice I can follow today?
It’s less complicated than you might think, since mastering The Basics can go a long way toward keeping you safe online. They are:
✔ Know The Basics — Understand how the world has changed, and what you can do about it.
✔ Modern Passwords — Create and use strong, unique, Modern Passwords for each online account.
✔ Password Manager — Use a high-quality Password Manager to create, remember and type the passwords for your online accounts.
✔ Diceware Passphrase — Craft and use a Diceware Passphrase to lock down your Password Manager.
✔ Multi-factor Authentication (MFA) — Implement MFA for each online account that offers it.
There are no guarantees in life. But fortunately, these 5 foundational building blocks are proven to work extremely well. You can massively stack the deck in your favor by intelligently adding each one to your online experience.
This advice comes straight from The Electronic Frontier Foundation (EFF), so you know it’s reliable.
Cybersecurity is a modern form of wealth, and you deserve to keep what you've earned.
Looking forward to connecting again next week.
— Anthony Collette
