A 28-year-old American is accused of taking part in the extortion attempt targeting the Vastaamo psychotherapy center, hacked in 2018, in a case that still shakes Finland.
Finnish authorities announced the indictment of Daniel Lee Newhard, a U.S. citizen, for complicity in aggravated attempted extortion against the Vastaamo center. Aged 28, he denies any involvement. Prosecutors clarified that the charges concern only the blackmail of the company, not its patients. The case will be tried before the Western Uusimaa District Court. This new step comes as the main actor, Finnish hacker Aleksanteri Kivimäki, recently released on appeal after a landmark conviction, continues to deny responsibility. The hack, which exposed the sensitive medical data of tens of thousands of patients, remains one of the most serious cybersecurity incidents in Europe.
A second American suspect in the Vastaamo case
According to the Finnish prosecution, Daniel Lee Newhard allegedly used a server managed by Kivimäki. Investigators state that connection logs directly link his IP address in Estonia to his home. A cached version of the Inforegister website in Estonia had already listed his name and date of birth, confirming his identity. Pasi Vainio, prosecutor of the Western Finland District, confirmed he was indeed an American citizen. Authorities, however, dropped charges of complicity in data dissemination, judging that charge disproportionate given the penalties at stake.
The path of Kivimäki and his central role
Aleksanteri Kivimäki, the central figure in the case, had already been convicted in his youth for his role in the Lizard Squad collective. Arrested in France in 2023 and extradited, he received six years and three months in prison for orchestrating the mass extortion targeting Vastaamo and its clients. More than 24,000 victims filed complaints, an unprecedented number in Finnish judicial history. Some were minors or under treatment for severe trauma. While his conviction stands, the appeal procedure grants him presumption of innocence and secured his provisional release.
A lasting shock for Finnish society
The hack, revealed in 2020 but initiated in 2018, marked a turning point in Finland. Hackers threatened to publish patients’ therapy notes online if they refused to pay a ransom. Victims’ lawyers affirm that many still suffer psychological and social consequences from the breach. In a report, the Christian Science Monitor described the incident as “a turning point for Finland,” highlighting the societal shockwave triggered by the attack. The case also illustrated the vulnerability of medical infrastructures to cyberthreats, and the difficulty authorities face in protecting sensitive data in such a critical sector. [ZATAZ News English version]
