Aleksanteri Kivimäki, a Finnish hacker, has been charged with multiple counts of extortion and data leak for allegedly hacking into a mental health clinic’s patient database and leaking the records online. The incident, which affected around 33,000 patients, occurred in 2020. Kivimäki is accused of hacking the database twice, once in 2018 and again in 2019. Finnish prosecutors have charged him with thousands of counts of privacy violation, attempted extortion, and aggravated extortion, seeking a minimum of seven years in prison. Kivimäki was arrested in France in February and extradited to Finland. He has denied guilt.
The Vastaamo clinic, where the breach occurred, detected the breach after information leaked online and received an extortion demand. Kivimäki allegedly contacted victims directly to demand ransoms. The leaked patient database was later used for fraud. The Finnish police identified a total of 33,086 victims, and the case is considered the largest hack ever recorded in the country. Vastaamo went bankrupt in February 2021.
During the court hearing, prosecutors revealed that Kivimäki exploited a vulnerability in the clinic’s server and used compromised credentials to access and download the patient records. The hacker had compromised 14,000 networks in total. Kivimäki was traced by authorities after failing to mask his IP address. The trial is scheduled to begin on November 13 in Länsi-Uusimaa.
This is not the first time Kivimäki has faced legal consequences for hacking. In 2015, he was found guilty of thousands of instances of computer break-ins committed against U.S. universities and a database provider. He received a two-year suspended prison sentence.