Posted on October 28, 2020 at 3:34 PM
Vastaamo Hack Fallout: Patients Blackmailed by Hackers
Some psychotherapy patients in Finland are being threatened with blackmail following the hack of thousands of records from psychotherapy giant Vastaamo.
The health care center receives patients from 20 cities, including Tampere, Turku, Pori, Jyvaskyla, Helsinki, and Joensuu.
Vastaamo said the patients complained that some unknown persons contacted them saying they have their records.
In recent months, ransomware attacks have increased, with threat actors targeting large corporations and critical organizations such as medical facilities and health centers. While some other recorded hacking incidences in the health sector involves hackers asking for ransom from the hacked company, those responsible for the Vastaamo hack are taking a different route.
They are threatening the patients who have visited the psychotherapy institution within the past two years.
An investigation into the breach began in late September
Vastaamo revealed that it started looking into a possible compromise of its systems at the end of last month when one of the hackers tried to extort three of its employees. Shortly after the incident, Vastaamo said it contacted Finland’s Central Criminal Police, private security company Nixu, and other law enforcement agencies in the country to carry out investigations on the incidence.
This is not the first time Vastaamo’s data has been compromised. It suffered a breach in November 2018 and another one in March last year. But this recent breach seems to be the biggest. Although it’s not clear the numbers of clients whose details have been exposed, preliminary investigation shows the figure could be in the tens of thousands.
The hackers carrying out the extortion exercise are asking the victims to pay about $230 worth of Bitcoin within 24 hours or pay $590 after the deadline. If they fail to meet their payment demands, the hackers promised to leak their details to the public.
Hackers also demanding ransom from Vastaamo
Some of the patient information has already been leaked on the anonymous web service Tor. So far, the records of 300 Vastaamo patients have been leaked.
The hackers have also demanded a ransom of $350,000 worth of Bitcoin if it wants to keep patients’ documents out of the public domain.
Personal details of patients stolen
The hackers stole the personal details of patients, as well as data related to therapy sessions. The personal details include addresses and social security numbers, based on the statement by Vastaamo. Although the hacked records don’t contain personal discussions with the patients, they include narrower professional entries.
The contacted authorities are still investigating the incidence and trying to contact patients who have been threatened by hackers.
Finnish police are collaborating with other agencies to look into the breach that targeted more than 40,000 patients in the country who had visited Vastaamo within the past two years.
Detective inspector at Finland’s National Bureau of Investigation, Marko Leponen, said the investigative unit has received a lot of help from the police regarding the investigation.
“We are grateful for how various actors in society have helped the police,” he said.
Leponen further stated that citizens are helpful by informing others not to share the material on social media because doing so fulfills the elements of an offense.
Government offers support for victims
Some of the victims have already been contacted by hackers who are demanding a ransom to prevent the disclosure of their personal information to the public. However, the Finnish authorities are warning against compliance with the hackers as there are no guarantees they will stay true to their words even after the ransom is met. The hackers may probably keep the data safe for use for further extortion in the future.
Finland’s Prime Minister, Sanna Marin, has expressed disappointment over the data hack incidence and revealed the targeted victims should be supported.
“Ministries are exploring ways to help victims,” he said, pointing out that organizations and municipalities also need to offer their support to the victims.
Vastaamo also stated that it has begun an internal inquiry on its website on Monday. The company said although its website was compromised in 2018, there were still security flaws even after launching a series of patches to the flaws.
The company also states that it fired its chief executive officer after discovering he concealed the attack initially from the company’s board of directors.