Imagine finally summoning up the courage to start therapy, to disclose your scariest thoughts and feelings, and then this happens.
They told their therapists everything. Hackers leaked it all – WIRED
“If we receive €200 worth of Bitcoin within 24 hours, your information will be permanently deleted from our servers,” the email said in Finnish. If Jere missed the first deadline, he’d have another 48 hours to fork over €500, or about $600. After that, “your information will be published for all to see.”
It’s a story that WIRED’s UK version had covered in a very similar way back in December.
A dying man, a therapist and the ransom raid that shook the world – WIRED UK
After a handful of sessions, Puro’s therapist moved on to find new work, supposedly saying he couldn’t do anything more to help. Puro has managed alone since then, but his story has taken another dark twist – one that has shaken him to the core. A data breach at Vastaamo led to Puro and thousands of other vulnerable people being extorted by criminals who threatened to expose their highly sensitive data.
Here’s The Guardian’s report from October.
‘Shocking’ hack of psychotherapy records in Finland affects thousands – The Guardian
Distressed patients flooded victim support services over the weekend as Finnish police revealed that hackers had accessed records belonging to the private company Vastaamo, which runs 25 therapy centres across Finland. Thousands have reportedly filed police complaints over the breach. Many patients reported receiving emails with a demand for €200 (£181) in bitcoin to prevent the contents of their discussions with therapists being made public.
Devastating for the patients affected as well as the therapy company itself, Vastaamo.
Vastaamo fires CEO, saying he knew about hacking for 18 months – Helsinki Times
The psychotherapy centre has determined that its database was hacked in November 2018. Nixu, a Finnish cybersecurity company, found later in its investigation that the centre was targeted also in another hacking, in March 2019. “It’s very likely that the chief executive has known about the issue at that point,” Kahri stated to Ilta-Sanomat.
Hacked Finnish therapy business collapses – Computer Weekly
Vastaamo, the Finland-based private psychotherapy practice that covered up a cyber attack on its patient record system in 2018 and then saw its patients directly extorted by cyber criminals, has collapsed into bankruptcy with its services to be acquired by medical services firm Verve.
Hacked psychotherapy centre Vastaamo files for bankruptcy – Yle Uutiset
The firm was placed under liquidation in late January. Lassi Nyyssönen from Fenno Attorneys at Law was appointed as liquidator, but after assessing the situation decided that it was not feasible to carry out liquidation proceedings. “It very quickly became clear that the company’s clear, undisputed debts exceed the amount of its assets. That does not of course include possible damages that it may have to pay due to the data breach,” Nyyssönen told Yle.
A sign of the times?
Vastaamo breach, bankruptcy indicate troubling trend – SearchSecurity
Prior to learning of the Vastaamo hack, Hypponen said he believed that most attackers are motivated by financial information. “If you’re trying to make money with your criminal attacks, medical information is not a very good target for you. Well turns out, I might have been wrong,” he said during the webinar. “It might be now the case that we are seeing the beginning of the next trend — a trend where medical information is becoming a prime target for financially motivated criminals. They might not just be blackmailing the organization with the encryption of data, but the patients themselves.”