Originally published by Annabel Battersby on LinkedIn on February 4th, 2026
My life in Finland is typically quite high-tech – we use online apps for all our daily life, from transport to school messaging, from banking to meetings with doctors and getting prescriptions. All government services are offered online, to the point that phone calls are a rarity. We even have robot deliveries to our home – cute little robots drive out with two bags of groceries from the shop, navigating the streets to arrive at our door.
But there is one area of life in Finland which is decidely low- tech – and that is client files for psychological session notes or psychotherapy, which in my practice are done on paper only and stored in metal filing cabinets.
And the reason is quite clear, because in 2020 a hacker found his way into a psychotherapy company’s files and found all the companies client notes for over 30,000 people who attended sessions with Vastaamo therapists. Then the hacker proceeded to extort the former psychotherapy clients.
As is outlined in the article from last month in The Guardian, which was sent to me by many family and friends across the world, this was absolutely disastrous for many of these people, and resulted in suicides, worsening symptoms and profound feelings of vulnerability.
I had a few clients affected by this situation, and have had many more in the following years. Even relatives and friends of people affected by this are themselves affected. It was very distressing for these people and has subsequently their levels of trust and the ability to open up and be vulnerable to psychotherapists and others.
As a practitioner in Finland during this period I became extremely familiar with emphasising to potential new clients that we use paper files locked in cabinets in our practice, often as soon as within the first five minutes of a intake phone call.
While the world moves towards greater convenience and to a more online existence, I am glad that we are still able to offer our services in a totally off-line method. Furthermore, I’ve been advised to only keep paper records into the future, as the technology for file retrieval from USB drives or whatever will most likely be unknown at the point at which it may be needed (which unbelievably is 120 years from the birthdate of the client).
But I think that having security to know that your client records are completely secure should have been available for all of those clients too, and I strongly condemn the actions of this hacker (and Vastaamo, which failed to have adequate IT security). And in future, all clients should have strong confidentiality for their records.
Not only this, but clients have the right to read their records and request a copy at anytime, so practitioners need to be aware that their notes will be read in the future in any case, even if only by the client themselves. So I strongly recommend that all psychologists and psychotherapists keep this awareness in their daily practice.
Reference:
He called himself an ‘untouchable hacker god’. But who was behind the biggest crime Finland has ever known? | Cybercrime | The Guardian
https://www.theguardian.com/technology/2026/jan/17/vastaamo-hack-finland-therapy-notes