Vastaamo, one of Finland’s most renowned psychiatric services clinics, have left their clients high and dry. The confidential medical records of tens of thousands of patients were hacked, with some even leaked online, following breaches that date back until at least 2018. Victims quickly reached out to support services and the authorities after receiving emails from hackers demanding €200 (about $230) in bitcoin in exchange for keeping their information safe and away from the public. If the victims don’t pay within 24 hours, the sum rises to €500 ($590). And should they refuse to pay, the extortionist would disclose their private discussions with the therapist online.
And to show they aren’t bluffing, the cybercriminals already leaked data of 300 patients on a website they created on Tor, an anonymous web service. According to local media reports, hackers also demanded $530,000 in bitcoin from Vastaamo to withhold from publicizing the medical records. The company said it first started investigating the matter in late September when a hacker attempted to extort three employees. Since then, it has been working closely with cybersecurity firm Nixu and law enforcement agencies, like the Central Criminal Police, to resolve the issue. Apparently, Vastaamo, which has 25 therapy centers across Finland, suffered a breach in November 2018 that exposed at least one database. Another attack occurred most likely in mid-2019.
The exact number of breached documents remains unclear, but the National Bureau of Investigation predicts it could be in the tens of thousands. “We are investigating an aggravated security breach and aggravated extortion, among other charges,” said Bureau Director Robin Lardot. Meanwhile, Chief Research Officer at security firm F-Secure Mikko Hyppönen expressed that he would like to see the perpetrators behind bars and Vastaamo held responsible for failing to protect its patients. For its part, the Finnish psychiatric services provider apologized in a statement on Monday for its data security shortcomings, “the consequences and human cost of which have become extremely heavy.”
A VPN can play a pivotal role in safeguarding online data and preventing information breaches. TheVPN.Guru offers updated VPN reviews and how-to guides, in addition to cybersecurity tips.