LOGBOOK

HELP

Quiz Entry - updated: 2026.05.28

What made the Vastaamo hack such a notorious example of a confidentiality breach?

A Finnish psychotherapy provider's patient database was stolen and leaked — and the deeply sensitive notes were neither encrypted nor anonymised.

Key facts:

  • Vastaamo was a Finnish provider of psychological services
  • Its patient database was breached; data of ~30,000 people was published
  • The records were neither encrypted nor anonymised — so once stolen, they were immediately readable
  • Patients were then individually extorted with their own therapy notes

Why it's a teaching case: it shows the human cost of a confidentiality failure (the most-often-undetected CIA breach), and how poor data minimisation + missing encryption at rest turns a breach into a catastrophe. It also illustrates extortion aimed at individuals, not just the organisation.

Tip: Encrypting data at rest (and not retaining what you don't need) is what would have blunted this — even after exfiltration, the data would have been useless.

From Quiz: ISF / Foundations, Key Terms & Ransomware | Updated: May 28, 2026