Hacker news

The 'untouchable hacker god' behind Finland's biggest crime (https://www.theguardian.com)

114 points by c420 about 12 hours ago | 114 comments

Agraillo 6 minutes ago |

Knowing the timeline of events and the nicknames attributed to him (ryanlol included), some interesting posts can be found. For example, in the period between the CEO starting communication (September 2020) and the clinic's public admission (October 2020) [1], ryanlol replied to a top comment (Oct 3, 2020): "If you’re a hospital or, say, a school district, 'never pay' is simply an unconscionable attitude" [2]. Isn't it a hacker raging at the management that refuses to pay?

[1] https://en.wikipedia.org/wiki/Vastaamo_data_breach#Backgroun...

[2] https://news.ycombinator.com/item?id=24672687

nerdralph about 2 hours ago |

Julius Kivimäki was released pending the outcome of his appeal. https://www.bankinfosecurity.com/finnish-vastaamo-hacker-fre...

The article cites "Ryan" as one of his aliases, so the id ryanlol commenting in this thread could plausibly be Kivimäki.

bitbasher about 4 hours ago |

Wasn't he the guy that used tar for the leaked folder of data, but the tar included his user folder which contained his legal name?

huhkerrf about 11 hours ago |

> "Unfortunately, we have to ask you to pay to keep your personal information safe."

I can't put my finger on why, but the faux "aw shucks, our hands are tied" makes me even more pissed off by the fact that they're leaking people's therapy notes. Just come out and say you're an amoral money seeker.

bigiain about 10 hours ago |

"the patient records database was accessible via the internet; there was no firewall and, perhaps most egregiously, it was secured with a blank password, so anyone could just press enter and open it"

There _should_ be a bunch of people in jail for that. Including, but not limited to the CEO. It should also include all the people on the org chart between whoever set that database up and the CEO.

tetha about 9 hours ago |

I'm a broken record about this by now, but stories like these keep reminding me how broken the law is for ethical hackers in Germany. If an ethical hacker found something like this in Germany, it would from my knowledge not be clear if entering an empty password counts as "circumventing or breaking a security barrier". "No password barrier" has recently been clarified in courts, but "Static Password" hasn't.

And once you break a security barrier, you're breaking the law. Even GDPR doesn't help you there - that just ensures more people are breaking different laws. And this can get all your devices seized, land you in jail, end your career, cause thousands of Euros of equipment loss, because the new laptop naturally got lost in the return process after 6 - 12 months.

And thus, many people with the skill to find such problems and report them silently to get them closed do ... nothing. Until bad people find these holes and what the article describes happens. And Europe has hacker groups who could turn our cybersecurity upside down in a good way. Very frustrating topic.

imalerba about 11 hours ago |

There's a nice episode from darknetdiaries about it https://darknetdiaries.com/episode/159/

abigail95 about 11 hours ago |

Do we really only catch the laziest hackers? The opsec is shocking.

MonkeyClub about 8 hours ago |

bilegeek about 11 hours ago |

> he had not only accidentally uploaded all of the therapy notes, but also his entire home folder

Lol. At least it's a good reminder about bad opsec.

jvdvegt about 10 hours ago |

nephihaha about 6 hours ago |

I have seen therapists in the past, but never over video calls, and the notes have been kept on paper. Sometimes in person is much better.

This rush to put everything online will destroy everyone's privacy even though privacy is the thing we all need.

cedws about 10 hours ago |

He’s done less than seven years of time, shows no remorse and even denies doing it in the first place. You dropped the ball on this Finland, don’t be surprised when he does it again. What a disgusting human being.

TrackerFF about 8 hours ago |

I've said it before, but these types of malicious hackers should face draconian punishment. Decades behind bars.

sublinear about 11 hours ago |

"Jazz police are looking through my folders. Jazz police are talking to my niece. Jazz police have got their final orders. Jazzer, drop your axe, it's jazz police!"

7777332215 about 7 hours ago |

This is why you should not go to a therapist who uses electronic records. This will happen to you at some point.

u1hcw9nx about 5 hours ago |

[dead]

NooneAtAll3 about 10 hours ago |

[flagged]

billy99k about 3 hours ago |

Like most hacktivists, he is a selfish asshole that cares more about self gratification than the consequences of their actions.