Cyber Crime

Finnish psychotherapy center Vastaamo suffered a shocking security breach

Private Finnish psychotherapy center Vastaamo suffered a security breach, hackers are now demanding ransom to avoid the leak of sensitive data they have stolen.

Finland’s interior minister summoned an emergency meeting Sunday after the private Finnish psychotherapy center Vastaamo suffered a security breach that caused the exposure of patient records. To worse the situation the hackers now demanding ransoms threatening to leak the stolen data.

Vastaamo operates as a sub-contractor for Finland’s public health system, according to the authorities, the hackers have stolen patient sensitive data during two attacks that started almost two years ago.

Finnish Interior Minister Maria Ohisalo tweeted that authorities would “provide speedy crisis help to victims” of the security breach at the Vastaamo psychotherapy center, an incident she called “shocking and very serious.”

The Finnish Interior Minister Ohisalo defined the attack “shocking and very serious” and expressed the commitment of the authorities in providing “speedy crisis help to victims.”

President Sauli Niinisto called the blackmailing “cruel” and “repulsive,” while Prime Minister Sanna Marin added that such kind of attacks is “shocking in many ways.”

The attacker that goes online with the moniker ’ransom_man’ has already leaked 300 patient records containing names and contact information and is blackmailing the victims that received emails from the hackers.

“It was not immediately clear if the stolen information included diagnoses, notes from therapy sessions or other potentially damaging information. Also, it wasn’t clear why the information was surfacing only now.” reported the Associated Press.

According to a statement published by Vastaamo on Saturday, the first attack likely took place between the end of November 2018 and March 2019.

The National Bureau of Investigation is investigating the incident and revealed that the data breach may have impacted up to “tens of thousands” of the Vastaamo clients.

“What makes this case exceptional is the contents of the stolen material,” Marko Leponen, the National Bureau of Investigation’s chief investigator assigned to the case, told reporters.

Vastaamo urged clients who were contacted by the intruders to immediately contact Finnish police.

Finnish media reported that crooks are demanding ransoms of 200 euros worth of Bitcoin, the ransom amount will increase up to 500 euros if the victim will not pay it within 24 hours. Crooks also attempted to directly blackmail Vastaamo asking for a 450,000 euros ransom.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Vastaamo)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

FIN7 targeted a large U.S. carmaker with phishing attacks

BlackBerry reported that the financially motivated group FIN7 targeted the IT department of a large…

3 hours ago

Law enforcement operation dismantled phishing-as-a-service platform LabHost

An international law enforcement operation led to the disruption of the prominent phishing-as-a-service platform LabHost.…

8 hours ago

Previously unknown Kapeka backdoor linked to Russian Sandworm APT

Russia-linked APT Sandworm employed a previously undocumented backdoor called Kapeka in attacks against Eastern Europe since…

13 hours ago

Cisco warns of a command injection escalation flaw in its IMC. PoC publicly available

Cisco has addressed a high-severity vulnerability in its Integrated Management Controller (IMC) for which publicly…

15 hours ago

Linux variant of Cerber ransomware targets Atlassian servers

Threat actors are exploiting the CVE-2023-22518 flaw in Atlassian servers to deploy a Linux variant of…

1 day ago

Ivanti fixed two critical flaws in its Avalanche MDM

Ivanti addressed two critical vulnerabilities in its Avalanche mobile device management (MDM) solution, that can…

1 day ago

This website uses cookies.