Hackers rummaged about in Finnish psychotherapy clinic – now patients extorted with public data dump threats

Details on 300 reportedly already published to Tor website

A Finnish psychotherapy centre was hit by hackers who stole therapy session notes – before threatening patients of the clinic with ransom demands amid selective dark web leaks of stolen material.

"Psychotherapy Center Vastaamo has been the victim of data breaches and blackmail," said the Helsinki-based clinical chain late last week (in Finnish), adding: "In recent days, the blackmailer has published sections of the information he obtained during the hacking. Now the blackmailer has begun to approach the victims of the breach with blackmail letters demanding a ransom."

Vastaamo went public about the hack last week after the details of around 300 customers were published on a Tor website, according to infosec firm Bitdefender's corporate blog.

Company chairman Tuomas Kahri told local newspaper Helsingin Sanomat (in Finnish) that "no information has been leaked since November 2018". He added, in a statement on the clinic's website first issued last week, that "it is likely that our system [was also] infiltrated between the end of November 2018 and March 2019."

The statement continued: "We do not know that the database was stolen in this context, but it is possible that individual data was viewed or copied during that period," explaining that while local admins could tell that a customer database had been accessed by the criminals, they couldn't tell precisely whose data had been stolen.

Others with better knowledge of the local situation claimed that up to 40,000 people's details had been stolen from the clinic. Mikko Hyppönen, chief research officer of Finnish infosec firm F-Secure, tweeted:

He added that the attack was a straight-up hack and ransomware was not used by the criminals.

A crisis hotline was made available for victims of personal extortion attempts to access support and therapy, while the local authorities – including Finland's equivalent of the National Cyber Security Centre and the country's data protection body – investigate the hack.

It seems unusual that the hackers waited so long to target the clinic, assuming the clinic's own assertion that the illicit access stopped in March 2019 is accurate. Insider threat – potentially from a rogue former employee – could be one explanation, though the company has not yet responded to The Register's enquiries.

In this day and age, hacks and ransoms are synonymous with encryption malware: ransomware. Demands for payment in exchange for not publishing stolen data are relatively rare, though last year the South African city of Johannesburg faced such a demand – and publicly vowed to ignore it.

Local police have advised those affected (in Finnish) not to pay the ransom and asked that they preserve any messages as evidence and contact the police immediately. "Do not agree to the demands of the blackmail[ers]," advised Marko Leponen, chief inspector of the Keskusrikospoliisi (National Bureau of Investigation). ®
