Terveystalo’s online appointment booking service has encountered phishing
Media release
Terveystalo’s online appointment booking service has encountered phishing. As a result, a few of Terveystalo’s customers’ personal identification codes have most likely been phished successfully. No other personal information has been obtained. No patient records are processed in online appointment booking.
“We are extremely sorry for the ones who experienced this criminal action. We take this matter very seriously and have begun immediate actions to prevent any such misconduct to happen in the future”, comments Terveystalo Chief Digital Officer Juha Juosila.
“The possibility to phishing has been known and we have previously contacted Data Protection Authority concerning this matter. We are currently working on launching the online appointment booking requiring strong electronic identification and have now accelerated the pace of development and deployment. As an immediate action, we have increased the technical surveillance of our online booking and improved our readiness to hinder such criminal actions. With these actions we aim to prevent the possibility to phishing with programmatic techniques, until our strong electronic identification is in use.”
No patient record information has been as an object of phishing and there is no danger of such. Phishing has been targeted solely to online appointment booking, which only processes name and personal identification code information, which are not classified as sensitive personal data according the EU General Data Protection Regulation (GDPR).
The offence was discovered due to blackmail message received by Terveystalo. Terveystalo has reported the offence to police and both Data Protection Authority and Finnish Communications Regulatory Authority. In addition, known targeted individuals have been informed about the incident.
“According to Data Protection Authoritys' current evaluation, our means of securing and protecting online appointment booking service are adequate in this situation”, says Juha Juosila.
Terveystalo takes this matter very seriously and has taken immediate action to prevent any such misconduct from happening in the future.
“We serve 1,2 million patients annually and a large proportion of them favor our online appointment booking service. The importance of electronic channels in order to ensure their access to treatment is very important. However, if we observe heavy criminal actions before the strong electronic identification is ready to be launched, we are prepared to limit the use of online appointment booking”, says Juha Juosila.
More information:
Terveystalo Communications, tel. +358 50 358 1170, viestinta@terveystalo.com