In Finland, hackers stole patients' therapeutic records and subsequently blackmailed them

The hackers managed to obtain personal data from thousands of patients in the psychotherapy clinic.

Cyber ​​criminals stole medical records from patients in a psychotherapy clinic

An unknown group of hackers stole the data of the psychotherapeutic clinic Vastaamo in Finland. The attackers managed to get into the clinic's records and stole sensitive personal data from thousands of patients and began blackmailing some of them.

The perpetrators obtained not only personal data, such as social security number, address, but also records of therapeutic sessions. These records do not transcribe patient-physician communications, but include a treatment plan and other sensitive patient information.

Some patients whose personal information was stolen received an e-mail stating that if they did not receive a ransom, they would publish the stolen data on the Internet. Police advise victims not to pay ransom, as this provides no guarantee that the data will not be published. In the end, the data of several patients were actually published on the Internet.

The director had to bear the consequences

The attacked clinic and Finnish police are working together to catch these cyber criminals. At the same time, the Vastaamo Clinic launched an internal investigation, finding that cybercriminals entered their systems as early as November 2018.

The clinic announced that their executive director Ville Tapio had been fired and fired. The reason was that he knew about the leak and kept this fact a secret from the parent company and the board of directors. However, he stated in a personal account on the social network Facebook that he was not aware of data theft from the very beginning.

The number of injured patients is unknown, but it can be thousands to tens of thousands of people. This clinic is the largest in the country and has about 40,000 patients.

Annoying security incident

Even the President and Prime Minister of Finland commented on this situation. Their views were that this situation is very unpleasant, as it is a state of health of many patients, which is very important information.

Authorities are urging citizens not to share data published by cybercriminals to minimize their dissemination. If a clinician patient receives a threat email, he or she should keep it for investigative purposes as evidence.