Finnish Patients Blackmailed After Clinic Data Breach

Finnish Patients Blackmailed After Clinic Data Breach

Patients whose data was stolen in a cyber-attack on a Finnish psychotherapy clinic are being individually blackmailed.

360 Mobile Vision - 360mobilevision.com North & South Carolina Security products and Systems Installations for Commercial and Residential - $55 Hourly Rate. ACCESS CONTROL, INTRUSION ALARM, ACCESS CONTROLLED GATES, INTERCOMS AND CCTV INSTALL OR REPAIR 360 Mobile Vision - 360mobilevision.com is committed to excellence in every aspect of our business. We uphold a standard of integrity bound by fairness, honesty and personal responsibility. Our distinction is the quality of service we bring to our customers. Accurate knowledge of our trade combined with ability is what makes us true professionals. Above all, we are watchful of our customers interests, and make their concerns the basis of our business.

An attack on the Vastaamo practice in November 2018 resulted in the theft of a customer database, with a second potential breach occurring in March 2019. Vastaamo serves thousands of patients from around 20 branches at locations across Finland.

The data breach came to light in September 2020 when a blackmailer approached three Vastaamo employees. 

Patient data that was compromised appears to have included therapy session notes detailing what was discussed along with personal identification records. 

According to the Associated Press news agency, the records of around 300 Vastaamo patients have been published on the dark web. 

Vastaamo has stated that it is cooperating fully with law enforcement and has advised any patients who have been contacted individually by a blackmailer to go to the police. The clinic described the incident as “a great crisis.”

A helpline has been set up by the clinic for victims, who are also being offered a free unrecorded therapy session.  

News site Yle reported that the Finnish government held an emergency meeting about the situation on Sunday night in which Interior Minister Maria Ohisalo dubbed the security incident and subsequent blackmailing as “exceptional.”

A Vastaamo patient who was contacted by the blackmailer told the BBC that he didn’t think handing over a ransom would guarantee the safety of his data. 

The victim, who asked to be referred to only by his first name, Jere, said that someone describing themselves as “the ransom guy” had contacted him to demand a payment of €200 ($236) in Bitcoin. Jere was told that he was being contacted after Vastaamo had refused to pay a ransom of 40 Bitcoin ($515,632).

The blackmailer told Jere that if he didn’t pay within 24 hours, the ransom would increase to €500 ($590). If no payment had been received within 72 hours, notes from psychotherapy sessions Jere completed as a teenager would be published. 

“Those notes contain things I’m not ready to share with the world,” said Jere. “And having someone threaten me with said notes certainly makes me extremely uncomfortable.”

Jere, who said he could not afford to pay the ransom, added: “I feel like paying won’t guarantee that my data will remain safe.”

By admin