The attackers are demanding about $ 500,000 in ransom from the management of a large network of psychotherapy clinics in Finland, Vastaamo. Since Vastaamo is a nationwide medical network with more than a dozen departments, the data of tens of thousands of patients are at risk. Even worse, confidential information about patients has already been partially published on the darknet, and hackers have contacted some of Vastaamo's clients directly.
Vastaamo executives first officially announced the incident last week. Then it became known that back in September 2020, the hacker contacted three employees of the medical facility and demanded a 40 bitcoin ransom (more than 500,000 at the current exchange rate), otherwise threatening to publish the stolen patient data.
Moreover, according to local media reports, the attacker is already implementing his threats, and at least 300 case histories have been published on the darknet. It is also reported that without having achieved anything from the Vastaamo management, the extortionist began to directly contact the patients by e-mail and demand from them $ 240 in cryptocurrency for removing their records from the stolen database. Apparently, the attacker thought of this after several people learned about the leak and offered the hacker money to remove this information from the database. According to Ilta Sanomat, the blackmailer set a price for them at 0.05 bitcoin (about $ 650).
The same publication notes that the attacker "writes in very good English" and uses secure mail services. So, at first the hacker used Tutanota, and then switched to Protonmail and Cock.li.
Last weekend, the information about the incident was officially confirmed by the National Bureau of Investigation of Finland, saying that the leak affected data on tens of thousands of patients. In turn, the journalists of the Helsingin Sanomat edition managed to find out that the extortionist had already "leaked" at least 2000 case histories. They write that the hacker uploaded a 10 GB file containing information about Vastaamo patients, including their names, social security numbers, postal and email addresses, telephone numbers, and notes from therapists.
Vastaamo is now providing updates on the incident on an almost daily basis, and the facility is working on an investigation with the Finnish Cybersecurity Center, Valvira, and the data protection commissioner. Finnish ethical hackers also help the investigation, and the information security company Nixu is studying the technical aspects of hacking. It was the experts of the latter who discovered that the hack itself probably happened back in November 2018.
Interestingly, the incident was not the only attack on Vastaamo. As it became known now, in mid-March 2019, there was another incident, which was known to the head of the network of clinics, but he decided to keep the incident secret from the board of directors, authorities and victims. When the incident became known, the Vastaamo board of directors dismissed the head of the company from his post. At the same time, it is still unknown whether the hackers managed to steal any data during the March attack.
According to the latest reports from Vastaamo and the Nixu investigation, it has so far been confirmed that the infrastructure of the medical facility has not had critical vulnerabilities and has not been attacked since March 2019.
Vastaamo executives first officially announced the incident last week. Then it became known that back in September 2020, the hacker contacted three employees of the medical facility and demanded a 40 bitcoin ransom (more than 500,000 at the current exchange rate), otherwise threatening to publish the stolen patient data.
Moreover, according to local media reports, the attacker is already implementing his threats, and at least 300 case histories have been published on the darknet. It is also reported that without having achieved anything from the Vastaamo management, the extortionist began to directly contact the patients by e-mail and demand from them $ 240 in cryptocurrency for removing their records from the stolen database. Apparently, the attacker thought of this after several people learned about the leak and offered the hacker money to remove this information from the database. According to Ilta Sanomat, the blackmailer set a price for them at 0.05 bitcoin (about $ 650).
The same publication notes that the attacker "writes in very good English" and uses secure mail services. So, at first the hacker used Tutanota, and then switched to Protonmail and Cock.li.
Last weekend, the information about the incident was officially confirmed by the National Bureau of Investigation of Finland, saying that the leak affected data on tens of thousands of patients. In turn, the journalists of the Helsingin Sanomat edition managed to find out that the extortionist had already "leaked" at least 2000 case histories. They write that the hacker uploaded a 10 GB file containing information about Vastaamo patients, including their names, social security numbers, postal and email addresses, telephone numbers, and notes from therapists.
Vastaamo is now providing updates on the incident on an almost daily basis, and the facility is working on an investigation with the Finnish Cybersecurity Center, Valvira, and the data protection commissioner. Finnish ethical hackers also help the investigation, and the information security company Nixu is studying the technical aspects of hacking. It was the experts of the latter who discovered that the hack itself probably happened back in November 2018.
Interestingly, the incident was not the only attack on Vastaamo. As it became known now, in mid-March 2019, there was another incident, which was known to the head of the network of clinics, but he decided to keep the incident secret from the board of directors, authorities and victims. When the incident became known, the Vastaamo board of directors dismissed the head of the company from his post. At the same time, it is still unknown whether the hackers managed to steal any data during the March attack.
According to the latest reports from Vastaamo and the Nixu investigation, it has so far been confirmed that the infrastructure of the medical facility has not had critical vulnerabilities and has not been attacked since March 2019.
