Finland Unveils Cybersecurity Law After Hospital Data Breach

The Finnish government is set to present a bill on mandatory security updates for IoT devices on May 26, following a major breach at a Helsinki hospital last month. The legislation, which has been in preparation for 18 months, requires manufacturers to provide software updates for at least five years. As confirmed in the announcement on May 22, the government will introduce the Act on Cybersecurity of Connected Devices on Tuesday. The bill directly follows the April 2026 data breach at HUS Helsinki University Hospital, where 40,000 patient records were leaked. This incident highlighted vulnerabilities in connected medical devices and other IoT equipment used in healthcare settings. The proposed law aligns Finland with similar EU directives but introduces stricter penalties for non-compliance. By mandating longer support periods, the bill aims to reduce the risk of future breaches and improve consumer trust in smart devices. The Finnish tech industry, including companies like Nokia and local Helsinki startups, is expected to adapt quickly to the new requirements. Industry experts have noted that the five-year update mandate could reshape product lifecycles for IoT manufacturers. The law also sets a precedent for other Nordic countries considering similar measures. As Finnish tech news outlets report, this move reinforces the country's position as a leader in cybersecurity regulation, with potential implications for the broader Finland technology sector.