A security breach affecting tens of thousands of patients in a private therapy company has dominated the Finnish news cycle and made headlines abroad. All Points North looks at the consequences for victims and other ordinary people, as well as for companies and organizations that collect and process personal information.
You can listen to the full podcast through the embedded player here or through Yle Areena, Spotify, Apple Podcasts or a regular podcast player using an RSS feed.
The article continues after the sound.
Antti Virtanen, the security manager of the technology company Solita and a member of the NGO Community Cyber Response Force, told APN that a case where hackers stole IDs and address information as well as patient information and threatened to disclose them if ransom is not paid is quite unusual in Finland.
"There have been data breaches, ransomware attacks in Finland in the past … but never on such a scale and never such data, which is deeply personal to many people," he noted.
The psychotherapy company Vastamo, which is at the center of a massive data breach, revealed that it had been the subject of two different attacks – in 2018 and 2019. It is now closely monitored in the processing of confidential customer data.
Restrictions on control
Deputy Data Protection Officer Jari Råman told APN that companies are primarily responsible for adopting policies and systems to protect sensitive customer information and complying with the EU General Data Protection Regulation (GDPR).
"They must, of course, control their own activities and the processing of their personal data. But after that, there are also monitoring organizations, including us and Valvira [Supervisory Authority for Health and Welfare]and we also monitor the processing of personal data and the security of the systems from the outside," Råman said.
"But naturally, as is always the case with ex post (sic), it cannot be the case that we can control everything that happens. Our resources allow us to address only the issues raised," he said.
Both the Cyber Surveillance Organization and the Office of the Data Protection Commissioner have provided a complete – in English – checklist for the victims, and we will, of course, list them in our show notes.
The APN also spoke of efforts to ensure the corona security of sports, given their role in maintaining well-being during a pandemic, and returned to an annual discussion on the final change of time.
Join the discussion!
This week’s presentation was presented Denise Wall and Zena Iovino. The producer was Mark B.Odom and the sound engineer was Panu Willman.
Subscribe to the All Points North newsletter and if you have any questions or would like to share your thoughts, please contact us via WhatsApp at +358 44 421 0909, our Facebook or Twitter account or at [email protected] and [email protected].