A large psychotherapy clinic in Finland disclosed a data breach in which the threat actors demanded ransom for a client database with confidential information that was stolen.
Psychotherapy Center Vastaamo is a private clinic having more than a dozen branches and other institutions using its services. They revealed the breach which occurred almost two years ago.
The stated that the attackers first contacted three of its employees in September, asking for 40 bitcoins (around $500,000) for not releasing the stolen patient data.
According to local reports, the attackers threatened to publish patient data to make the clinic do the payment and did so by leaking the records of at least 300 patients on a site in the Tor anonymity network.
The matter got worse when the extortionist started to contact victims over email and asked for $240 in Bitcoin (EUR 200) to delete their records.
The messages were sent with the subject line “Answering Office Information” and contain the recipient’s personal information.
Several persons after becoming aware of the data leak also offered to pay to have their information removed from the stolen database. For them, the blackmailer set a price of 0.05 Bitcoin (about $650).
It was reported in Ilta Sanomat newspaper, that the attacker “writes very good English” and that they depended on privacy-oriented email services. First, they used Tutanota, then switched to Protonmail and Cock.li, as these allowing registration and usage over Tor and similar privacy services.
After disclosing the data breach, Vastaamo was publishing updates about the incident regularly. The clinic also notified the Finnish Cyber Security Center, Valvira, and the Data Protection Commissioner prior to this.
Ethical hackers in Finland are also helping authorities by providing any details regarding the extortionist, such as messages, screenshots of sites, and metadata.
The cybersecurity company Nixu is investigating the technical details regarding the hack which is believed to have occurred in November 2018.
Vastaamo notified that any sensitive information of customers who have registered after the breach is not included in the leaks.
It is also found that there has been another breach that occurred in March 2019, which the CEO was aware of and decided to keep it a secret from the private clinic’s Board of Directors, authorities, and affected individuals.
Vastaamo Board of Directors relieved Ville Tapio of his CEO position in the company after the revelation.
According to Nixu’s investigation so far, it has been confirmed that the clinic’s infrastructure did not have critical security vulnerabilities and did not suffer a cyberattack after March 2019.
Vastaamo is providing support over the phone to all victims of the data breach and advises them on what to do if their private information has been leaked online.
Image Credits : UPI