A hacker is trying to blackmail thousands of Finish patients after gaining access to their personal information via a psychotherapy company.
Police have said that an unknown party started demanding ransom from more than 40,000 patients whose data was stolen from the Vastaamo psychotherapy centre, according to local media reports.
The data was taken during a cyber attack in November 2018, and potentially again in March 2019, the Helskinki-based centre said in a statement.
The company is cooperating with the police, but it's reported that some 300 records have already been published on the dark web. It is also being reported that the firm's CEO, Ville Tapio, has been fired for obscuring information about the data breach for more than two years.
The hackers originally sought to extort a ransom from the centre's management but changed tactics over the weekend to elicit payments from individuals that had used the service.
Various patients have spoken to media outlets to say that the hackers have contacted them and threatened to leak mental health records onto the internet unless they provide payment in Bitcoin. Some of the people whose data has been stolen are also underage.
One patient told the BBC that the hacker said Vastaamo had refused to pay 40 Bitcoin (£403,000) and he would now have to pay €200 worth in order to stop his information being released - this included session notes from when he was a teenager.
"I'm anxious about the fact that the attackers are in possession of my notes and conversations from those psychiatrist sessions," he said. "Those notes contain things I'm not ready to share with the world. And having someone threaten me with said notes certainly makes me extremely uncomfortable."
The patient's notes had been taken in a physical notebook and he/she wasn't told these would be uploaded to a server. The country's prime minister Sanna Marin tweeted that the Finish government was looking into ways to support the victims of what he called a "shocking" hack.
-
What does modern security success look like for financial services?Sponsored As financial institutions grapple with evolving cyber threats, intensifying regulations, and the limitations of ageing IT infrastructure, the need for a resilient and forward-thinking security strategy has never been greater
-
Yes, legal AI. But what can you actually do with it? Let’s take a look…Sponsored Legal AI is a knowledge multiplier that can accelerate research, sharpen insights, and organize information, provided legal teams have confidence in its transparent and auditable application
-
Volkswagen confirms security ‘incident’ amid ransomware breach claimsNews Volkswagen has confirmed a security "incident" has occurred, but insists no IT systems have been compromised.
-
The number of ransomware groups rockets as new, smaller players emergeNews The good news is that the number of victims remains steady
-
Teens arrested over nursery chain Kido hacknews The ransom attack caused widespread shock when the hackers published children's personal data
-
NCA confirms arrest after airport cyber disruptionNews Disruption is easing across Europe following the ransomware incident
-
Cyber professionals are losing sleep over late night attacksNews Hackers are biding their time and launching attacks when businesses can’t respond
-
Prolific ransomware operator added to Europe’s Most Wanted list as US dangles $10 million rewardNews The US Department of Justice is offering a reward of up to $10 million for information leading to the arrest of Volodymyr Viktorovych Tymoshchuk, an alleged ransomware criminal.
-
Jaguar Land Rover “did the right thing” shutting down systems to thwart cyber attackNews The attack on Jaguar Land Rover highlights the growing attractiveness of the automotive sector
-
Ransomware attack on IT supplier disrupts hundreds of Swedish municipalitiesNews The attack on IT systems supplier Miljödata has impacted public sector services across the country
