Confidential Data of Thousands of Finnish Psychotherapy Clinic Patients Has Been Exposed to Hackers after Data Breach.
In Finland, a private psychotherapy clinic became the victim of a data breach about two years ago, but now a threat actor is blackmailing the clinic for ransom.
The Finnish Psychotherapy Center Vastaamo is a nationwide practice and has over a dozen branches and roughly 40,000 patients, while it also offers contract-based services to several institutions in Finland.
The clinic is under stress as threat actors are also blackmailing many of its patients. Reportedly, thousands of patients could be at risk as the blackmailer claims to have a client database containing confidential data. The data breach occurred in November 2018.
The clinic revealed details of the incident last Wednesday, stating that the extortionist contacted three of its employees in September, demanded 40 bitcoins (about $500,000) in exchange for not releasing the stolen patient data, and pressured them to pay the ransom.
Authorities are trying to track down the affected patients who have received emails from hackers threatening to disclose their private data unless they pay them the ransom.
According to the recipients, the extortionist asked for $240 in bitcoin for deleting their records. The email contains the subject line “Answering Office Information” and the recipient’s private data.
The blackmailer initially used Tutanota and then switched to Cock.li and Protonmail, which shows they are trying to use privacy-oriented email services.
The hackers leaked 300 patient records on a website on the Tor network after the company released a public notification about the incident.
Tweets sent out by F-Secure’s CRO on October 24th about the incident:
The attacker calls himself ‘ransom_man’, and is running a Tor site on which he has already leaked the therapist session notes of 300 patients. This is a very sad case for the victims, some of whom are underage. The attacker has no shame.
— @mikko (@mikko) October 24, 2020
Finnish police and other investigating agencies are trying to identify the attackers who targeted Finland’s largest private psychotherapy center. Detective Inspector Marko Leponen of Finland’s National Bureau of Investigation stated that:
“We are grateful for how various actors in society have helped the police. It is particularly great that citizens are urging all not to share this material on social media. Sharing such information fulfills the essential elements of an offense.”
Authorities are also discouraging recipients of extortion emails from paying the blackmailers, urging them instead to file a police report.
Finland’s prime minister Sanna Marin also tweeted about the incident, expressing dismay.
“This data breach is shocking in many ways. Victims now need support and help. Ministries are exploring ways to help victims. Action by municipalities and organizations is also needed.”
In its statement, Vastaamo says it has initiated an internal inquiry into the incident. For the first time in two years, the clinic disclosed on its website that its patient database was accessed by unknown hackers in November 2018, and that the security flaws persisted until March 2019.
The company also announced that it had fired its CEO Ville Tapio after discovering that he had hidden the breach from the clinic’s parent company and board of directors.