Aleksanteri Kivimäki Charged for the 2020 Leak of Mental Health Clinic Database
The hacker who allegedly leaked mental health records online after breaking into a Helsinki-based psychotherapy chain’s patient database has been charged with multiple counts of extortion and data leak in a Finnish court.
Roughly 33,000 patients of the now-defunct Vastaamo clinic were affected by the hacking incident, which became public in October 2020.
Finnish national Aleksanteri Tomminpoika Kivimäki, 26, allegedly hacked the patient database twice, once in November 2018 and again in March 2019.
On Wednesday, Finnish prosecutors charged Kivimäki with 9,598 counts of aggravated dissemination of information violating personal privacy, 21,316 counts of attempted extortion, and 20 counts of aggravated extortion. Prosecutors said that Kivimäki should be sentenced to at least seven years in prison. Kivimäki, who formerly used the first name Julius, has denied guilt.
French police arrested Kivimäki in February after being called to an apartment in suburban Paris for a domestic disturbance (see: Notorious Finnish Hacker ‘Zeekill’ Busted by French Police).
Authorities extradited Kivimäki, who went by the online aliases “Zeekill,” “Ryan,” and “ransom_man,” to Finland that same month, where he has remained in pretrial detention.
Vastaamo detected a breach in 2020 after information leaked online and it received an extortion demand of 450,000 euros in bitcoins. Kivimäki later allegedly contacted victims directly to demand a ransom of 200 euros within 24 hours, raising the extortion demand to 500 euros if not paid within 48 hours. Authorities say cyber criminals later used the leaked patient database to commit fraud.
The Finnish police, who described the event as the largest hack ever recorded in the country, identified a total of 33,086 victims. Police have encouraged victims to file official complaints, which served as evidence for a report that reached 2,200 pages ahead of Wednesday’s prosecutorial summons. Vastaamo went bankrupt in February 2021.
During the Wednesday hearing, prosecutors said Kivimäki compromised Vastaamo after identifying a vulnerability in its server, Finnish news outlet YLE reported. The hacker used a compromised credential to connect to the hospital’s MySQL server to download the patients’ records. Vastaamo’s server is one of 14,000 networks compromised by Kivimäki, Finnish media outlet Iltalehti reported in September.
Prosecutors said police identified the hacker after he made the mistake of not masking his IP address through a virtual private network, leading authorities to trace the online alias “ransom_man” to Kivimäki.
Following Wednesday’s hearing, the case has been moved to the district of Länsi-Uusimaa, where the trial is slated to begin on Nov. 13.
A Finnish court last decade found Kivimäki guilty of 50,700 “instances of aggravated computer break-ins” for a hacking spree that the then-17-year-old committed against U.S. universities and database provider MongoHQ, the BBC reported in 2015. The court imposed a two-year suspended prison sentence.