Finnish Therapy Patients Blackmailed After Data Breach

A data breach is having criminal impact on its victims, after many patients of a large psychotherapy clinic in Finland whose confidential records were stolen, were contacted individually by a blackmailer.

According to the Associated Press, the breach resulted in Finland’s interior minister summoning key Cabinet members into an emergency meeting on Sunday.

It is reported that hundreds – and possibly thousands – of patient records at the Vastaamo psychotherapy centre were accessed by hackers, who are now demanding ransoms from patients.

Very serious

According to the AP, Finnish Interior Minister Maria Ohisalo tweeted that authorities would “provide speedy crisis help to victims” of the security breach, an incident she called “shocking and very serious.”

Vastaamo runs 25 therapy centres across Finland and operates as a sub-contractor for Finland’s public health system.

It said that its client register with intimate patient information was likely stolen during two attacks that started almost two years ago.

The first incursion probably took place in November 2018 and “it is likely that our (data) systems were penetrated also between the end of November 2018 and March 2019,” Vastaamo reportedly said in a statement late Saturday.

And in a new low, many patients reported receiving emails with a demand for €200 (£181) in bitcoin to prevent the contents of their discussions with therapists being made public.

Vastaamo also reportedly said the unknown criminals had published at least 300 patient records containing names and contact information using the anonymous Tor communication software. “The blackmailer has started to approach victims of the security breach directly with extortion letters,” it reportedly said.

The National Bureau of Investigation said Sunday up to “tens of thousands” of Vastaamo clients may have had their personal data compromised.

Police are said to be looking for the possible culprits both in Finland and abroad.

Medical attacks

In recent years, medical centres (i.e. hospitals) have been on the receiving end of online cyberattacks, usually ransomware attacks.

After some victims paid ransomware demands, US Treasury Department warned earlier this month that paying the criminals meant they could well be violating US sanction rules.

But those attacks rarely resulted in medical data being used (or published) for blackmail purposes.

Yet medical data has been compromised before.

In July 2019, Singapore suffered the worst cyber attack in that country’s history, which resulted in the theft of the personal data belonging to 1.5 million people, including the medical records of Prime Minister Lee Hsien Loong.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Signal Shows Data Collection Adverts Facebook Rejected

Signal has had user-targetted adverts on Instagram blocked, as messaging service attempts to highlight Facebook…

6 hours ago

Oversight Board Upholds Trump’s Facebook Suspension

Bad news for Donald. Facebook's 'Supreme Court' upholds suspension of Donald Trump account, but asks…

7 hours ago

US Presses TSMC For More Chips For Car Makers

Global silicon shortage continues, as US Commerce Department presses Taiwanese chipmakers to ease the supply…

8 hours ago

Starlink Signs Up 500,000 Pre-Orders For Satellite Internet

Elon Musk space venture SpaceX has already signed 500,000 customers on pre-order for its Starlink…

10 hours ago

Apple Vs Epic Games Court Battle Continues

Second day of courtroom showdown in the US reveals Epic Games management would have accepted…

12 hours ago

Trump Launches ‘Communications’ Website

Banned from social media for instigating US Capitol riot, Trump launches 'straight from the desk'…

14 hours ago