A court in Finland has handed down a rather moderate sentence to a 26-year-old hacker, Julius Kivimäki, for blackmailing over 30,000 psychotherapy patients, demanding more than $500,000 in bitcoin.
Kivimäki was sentenced to six years and nine months in prison after he hacked into the database of Vastaamo psychotherapy center in 2018, stealing patient data.
Julius Kivimäki’s Operations Plan
Kivimäki’s modus operandi was ruthless; he initially demanded a €400,000 ransom from Vastaamo, a Finnish private psychotherapy service provider founded in 2008.
However, when they refused, he emailed individual patients and resorted to threatening them with the release of their therapy notes unless they sent a smaller bitcoin ransom of €200 each into his wallet.
Despite his denial of the charges, evidence shows he went so far as to publish notes even after some victims paid, leading to severe emotional distress. Tragically, at least one suicide has been linked to his extortion attempts.
Ruthless Exploitation
The court described Kivimäki’s actions as “ruthless exploitation” of vulnerable individuals, leading to his prison term.
Tiina Parikka, one of Kivimäki’s victims, expressed the devastation caused by his threats, stating that he triggered a relapse into mental health problems she had previously overcome with therapy.
Despite the severity of the hacker’s crimes, questions remain about the adequacy of his sentence, with some victims expressing concerns about the Finnish legal system’s approach to such cases. Parikka stated:
“The main thing is that this absolutely empathy-lacking, ruthless criminal gets a prison sentence. After this, there are thoughts about how short the conviction is, when reflected against the number of victims. But, that’s the Finnish law, and I must accept that.”
According to local media, Kivimäki’s sentence was reduced by three months as a result of settlements he reached with some plaintiffs and victims. However, more individuals are expected to come forward with civil court cases seeking compensation for the trauma they endured.
A Drama
Kivimäki’s capture wasn’t without drama; he was arrested in Paris in February 2023, attempting to evade authorities, before being extradited to Finland.
Interestingly, the notorious criminal once failed to show up to court for a few days, with police claiming that they had lost him.
During his investigation, Finland’s National Bureau of Investigation (KRP) also claimed a breakthrough in tracing a Monero transaction, a privacy-centric token, potentially shedding light on its previously opaque transactions.
However, the KRP has been tight-lipped about its methods, citing the need to maintain their effectiveness in ongoing and future criminal investigations.
Heightened Awareness
While some victims express concerns about the Finnish law’s approach to this devastating case, there is a sense of closure for many that justice has been served and that Kivimäki’s reign of terror has come to an end.
In the aftermath of this case, there’s likely to be a heightened awareness of cybersecurity measures, particularly within sensitive sectors like healthcare.
As the world increasingly relies on digital platforms for personal and professional purposes, the protection of sensitive data becomes necessary to prevent such breaches and the devastating consequences that follow.
