The attackers published the patient records, including names and contact information. According to the private Finnish psychotherapy center, the attackers used the anonymous Tor communication software.
Patient records exposure prompted an emergency meeting
On becoming aware of the incident, the Finnish interior minister decided to summon Cabinet members to an emergency meeting. They met on Sunday, as hackers had accessed hundreds of patient records at the private center. It seems that the hackers were seeking ransom from patients.
Maria Ohisalo, the Finnish Interior Minister, announced in a tweet that authorities would “provide speedy crisis help to victims”. The minister also called the incident “shocking and very serious.”
The Vastaamo psychotherapy center has clinics all over the country. It operates as a sub-contractor for the national public health system. The company announced that hackers most probably stole the information during two attacks that started two years ago.
Vastaamo mentioned that the first attack happened in November 2018. They added that “it is likely that our (data) systems were penetrated also between the end of November 2018 and March 2019.”
Also, according to the center, the unknown attacker or attackers had published the information using the Tor communication platform.
“The blackmailer has started to approach victims of the security breach directly with extortion letters,” it said.
Tens of thousands of possible victims
Moreover, the National Bureau of Investigation mentioned that “tens of thousands” of Vastaamo clients may have had their personal data compromised. Police started looking for the person or persons possibly responsible, both in Finland and abroad.
Still, the authorities did not mention whether the stolen information also included diagnoses.
Vastaamo advised its clients to immediately report any blackmail attempt to the police. Meanwhile, according to the Finnish media, cyber-criminals asked the victims for up to 500 euros in Bitcoin as ransom.
Also, the center received a ransom demand for about 450,000 euros, in Bitcoin.
At the same time, Mikko Hypponen, chief research officer of F-Secure, declared that the event was exceptional. “I’m not aware of any such case anywhere in the world with such gross misuse of patient records,” Hypponen also mentioned.