Quiz Entry - updated: 2026.05.28
What made the Vastaamo hack such a notorious example of a confidentiality breach?
A Finnish psychotherapy provider's patient database was stolen and leaked — and the deeply sensitive notes were neither encrypted nor anonymised.
Key facts:
- Vastaamo was a Finnish provider of psychological services
- Its patient database was breached; data of ~30,000 people was published
- The records were neither encrypted nor anonymised — so once stolen, they were immediately readable
- Patients were then individually extorted with their own therapy notes
Why it's a teaching case: it shows the human cost of a confidentiality failure (the most-often-undetected CIA breach), and how poor data minimisation + missing encryption at rest turns a breach into a catastrophe. It also illustrates extortion aimed at individuals, not just the organisation.
Tip: Encrypting data at rest (and not retaining what you don't need) is what would have blunted this — even after exfiltration, the data would have been useless.