Patient Record Breach Prompts Finland To Update Identity Code Laws

Breach Prompts Finland To Update ID Code Laws

Following a cyberattack that exposed patients’ mental health records last month, Finland is moving ahead with legislation that would let people change their personal identity codes in certain instances, according to an Associated Press (AP) report.

Under the proposed new law, citizens would be able to change their ID number if a data breach would possibly expose them to identity theft.

A personal identity code is assigned to each resident at birth, which enables them to use many public services and some private services. The current law makes it difficult to change a personal identity code.

“The work will start immediately, and the laws will be completed by the beginning of next year,” said Sirpa Paatero, the minister of local government who oversees Finland’s electronic services.

The legislation was fast-tracked to help patients of Vastaamo psychotherapy clinic, a private center, better protect themselves after their personal health records were exposed in a hack. 

Police in Finland said as many as 40,000 patients of the clinic could have had their data exposed in breaches in 2018 and 2019. The clinic is a subcontractor for the country’s healthcare system and has clinics all over Finland.

The country’s National Bureau of Investigation was flooded with about 15,000 complaints from people who were patients when the clinic was hacked. The breach was first made known last month. A minimum of 300 patient records showed up on the dark web with personal information like names and ID codes.

Numerous patients received ransom demands from the hackers, who asked for bitcoin in exchange for privacy. The psychotherapy center also reported that it received a ransom demand for $531,000 in bitcoin.

In an interview with PYMNTS, Philipp Pointner, chief product officer for Jumio, said that the coronavirus could accelerate the move to digital ID verification. Australia’s Digital Transformation Agency (DTA) will start testing a biometric component for digital identities next year.

According to the June 2020 Digital Identity Tracker® done in collaboration with Jumio, cyberattacks have prompted new investments to develop innovative anti-money laundering/know your customer (AML/KYC) technologies.

And Bud Walker, chief strategy officer at data verification firm Melissa Data, said in a recent PYMNTS podcast that verification is “a basic building block of trust.” Accurate data is necessary in order to build that trust in the verification process, he noted.