Authorities suspect that a patient data breach at the Helsinki and Uusimaa Hospital District was bigger than originally thought, according to the National Bureau of Investigation (NBI).
The lead investigator on the case, Tiia Grönberg, said the breach targeted a few thousand patients. Last April, HUS initially suggested the breach only affected hundreds of people.
"The number has increased as the investigation has progressed. In total, we estimate the number [of people targeted] to be several thousand," Grönberg said, who added that authorities had not yet been able to reach everyone affected by the breach because they are in different parts of the country.
HUS initially announced news of the data breaches in April. The breaches are suspected to have taken place between October 2019 and March 2023, while the suspect was employed by the hospital district.
NBI: Data not misused
The suspect in the data breach, a former bookkeeper who handled patient billing at the hospital district, has claimed that curiosity was the motive behind the crimes.
"So far, there are no signs that the data was misused," Grönberg said. The suspect did not access patient records, test results or patient health care information.
HUS dismissed the employee after the breaches came to light last spring.
The case is being investigated as a data protection offence. Police have questioned the suspect and plan to do so again, but the individual has not been detained or held in remand.
Grönberg said the investigation would continue well into next year.
Would you like a roundup of the week's top stories in your inbox every Thursday? Then sign up to receive our weekly email.