Man who mass-extorted psychotherapy patients gets six years

Hacker’s identity and HN connection

  • Multiple commenters assert the convicted hacker previously posted on HN under several accounts, citing old comments where that user appears to admit to a long hacking record and to being the person later convicted in high-profile cases.
  • Others urge caution, noting past misidentifications by security journalists and the risk of taking “random comments” as proof.
  • One commenter notes Finnish police documents included screenshots of specific HN threads with the suspect’s participation (usernames redacted), which some view as corroboration.
  • Overall: many are convinced the HN–hacker link is real; a minority remain skeptical about the evidence quality.

Digital therapy records and data privacy

  • Strong sentiment that digitized therapy notes—especially in poorly secured SaaS/EMR systems—are a bad idea due to breach and mass-extortion risk.
  • Comparisons are drawn to everyday risks (cars, electricity), with some arguing convenience drives adoption despite serious downsides.
  • Several contrast small-scale paper loss (e.g., notes left on a train) with the massive, high-consent-violation nature of digital breaches.
  • Concerns extend to AI-generated clinical notes and always-listening devices in medical settings.

How investigators caught him

  • Commenters summarize court and reporting details:
    • The attacker mistakenly included part of his own home directory when publishing stolen data.
    • A misconstructed tar command run via cron from the wrong directory filled the server disk, created a large tarball, and left artifacts that allowed investigators to link the server and data back to him.
  • This is described as “unprecedented” in official language but technically simple, more about scale than novelty.

Sentencing, recidivism, and prison philosophy

  • Many view a ~6-year sentence (with early release likely) as far too light given tens of thousands of victims and at least one linked suicide; some argue this warrants decade-plus or even capital punishment.
  • Others stress Finland’s rehabilitation-oriented model, lighter sentences, low recidivism, and the dangers of long prison terms increasing criminal networking and bitterness.
  • Debate centers on prison purposes: rehabilitation vs incapacitation vs deterrence vs retribution, with sharp disagreement on whether this offender should ever be trusted free.

Corporate liability and consequences

  • The psychotherapy provider went bankrupt.
  • Its CEO received a suspended short prison sentence and had to return proceeds from share sales made after the breach but before public disclosure.
  • Some argue companies generally face too few consequences for data breaches, often limited to credit monitoring offers.

Scale of harm and per‑victim punishment

  • Several emphasize the extraordinary scale: blackmail attempts against ~33,000 patients.
  • Some argue sentencing should be per victim (effectively yielding an enormous term), while others point to systems that cap maximum sentences and allow indefinite extensions only for the most dangerous cases.