Categories: CyberCrimeSecurity

Notorious Finnish Hacker Jailed Over Patient Records Hack

A notorious Finnish hacker has been sentenced to six years and three months in prison after attempting to extort ransom from tens of thousands of patients using records hacked from a private psychotherapy centre.

Länsi-Uusimaa District Court found that Aleksanteri “Julius” Kivimäki, 26, was guilty of offences including an aggravated data breach, nearly 21,000 aggravated blackmail attempts and more than 9,200 aggravated disseminations of information infringing private life.

The court said the “ruthless” crimes were “very damaging” to patients in a fragile state of mental health.

Lawyer Jenni Raiskio, representing 1,500 clients, told Finnish newspaper Hensingin Sanomat in March that several of the victims died by suicide after sensitive information was leaked.

Julius Kivimaki in a 2014 interview with Sky News. Image credit: Sky News

Patient extortion

Kivimäki in 2018 hacked the computer network of the Vastaamo psychoterapy centre and downloaded its database on some 33,000 clients, according to prosecutors.

The Vastaamo clinic had branches throughout the country and acted as a private sub-contractor for Finland’s public health system.

Its chief executive was fired and prosecuted following the breach over a lack of proper security measures. The clinic later went bankrupt.

Kivimäki, who as a teenager was an extremely prolific hacker, took part in disabling the PlayStation Network and Xbox Live online gaming services over Christmas 2014, as part of the Lizard Squad hacking group.

He initially attempted to blackmail the clinic for about 370,000 euros ($396,000) in Bitcoin.

Kivimäki was part of the Lizard Squad hacking group.

Red Notice

When the clinic refused to pay, he began contacting thousands of patients directly in October 2020 and ordering them to pay 200 euros within 24 hours. If they refused the amount was raised to 500 euros.

About 20 people paid before the victims realised that Kivimäki had already accidentally leaked the entire database to a hacker forum, where it remains accessible today, the BBC reported.

Police suspected Kivimäki of the hack and in 2022 a Europol Red Notice was issued against him.

He was arrested last February in Paris, where he was found to be living with forged identity documents, and was extradited to Finland.

Prosecutors had sought seven years in prison, the maximum for such crimes under Finnish law. Due to the Finnish legal system Kivimäki is likely to serve about half his sentence.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Russian Court Says Google Disclosed Data On Ukraine Casualties

Russian court finds Google liable for YouTube video allegedly disclosing personal data on Russian casualties…

13 hours ago

CATL Introduces ‘Naxtra’ Sodium-Ion Batteries

Latest CATL sodium-ion batteries have energy density and range closer to lithium-ion units using cheap…

13 hours ago

Amazon ‘Pauses’ Some Data Centre Leasing Plans

Amazon's AWS cloud unit pauses some leasing talks around new data centres, analysts say, in…

14 hours ago

FTC Sues Uber Over ‘Deceptive’ Subscription Practices

US trade regulator says Uber signed users up for Uber One plan without their knowledge,…

14 hours ago

Shopify Must Face California Privacy Lawsuit

Appeals court ruling reopens case that had been dismissed, finding Shopify must face trial under…

15 hours ago

Justice Dept Argues Google Must Face Harsh Remedies

US Justice Department lawyers argue Google must face wide-ranging remedies including selling off Chrome, with…

15 hours ago