Oct 26, 2020 14:00:00

A hacker who stole the personal information of thousands of patients receiving psychotherapy demands a ransom of over 50 million yen

by

Blogtrepreneur

The names, personal identification numbers, email addresses, addresses, and psychotherapy details of thousands of patients attending the psychotherapy center were stolen by a hacking group, saying, 'In exchange for not disclosing information, 450,000 euros (about 55 million yen) ) Was threatened in Finland. The targeted psychotherapy center is a private contractor of a Finnish government agency, and public distrust is increasing.

Hackers hijack and publish mental health data of hundreds of people
https://www.foreigner.fi/articulo/national/scandal-over-the-hijack-and-and-publication-of-private-mental-health-data/20201023121903008599.html

Data break-in may have compromised privacy of thousands of psychotherapy clients in Finland
https://www.helsinkitimes.fi/finland/finland-news/domestic/18203-data-break-in-compromises-privacy-of-thousands-of-psychotherapy-clients-in-finland.html

Finland shocked by therapy center hacking, client blackmail --ABC News
https://abcnews.go.com/Health/wireStory/finland-shocked-therapy-center-hacking-client-blackmail-73817011

The target of the hacking group was Vastaamo, a privately operated psychotherapy center as a subcontractor of the Finnish public health system. Vastaamo provides psychiatric treatment for patients suffering from depression and anxiety disorders, many of whom visit the center through the Social Insurance Organization KELA .

According to Vastaamo, the hacking group exploited a vulnerability in Vastaamo's system to hack three times between November 2018 and March 2019, accessing a database of thousands of patients. He said he did. He demanded that he pay € 450,000 in Bitcoin in exchange for not disclosing patient data.

From October 21, 2020, the hacking group began publishing data for 100 people a day via encrypted Tor. The disclosed information includes the patient's name, personal identification number, telephone number, email address, address, and psychotherapy, and the hacking group said, 'We will continue to disclose information every day until we pay the ransom.' Presentation. By the 26th, more than 300 people were reportedly released as Vastaamo resisted paying the ransom.

by Book Catalog

Vastamo reports the situation to the police and asks a security expert to start an investigation. The National Investigation Agency (KRP) has also begun an investigation, but it seems that the identity, including the nationality of the hacking group, has not yet been revealed. On the other hand, it is also believed that 'Vastamo paid the ransom' because the hacking group stopped publishing the data, but Vastamo has not commented on this.

In addition, some patients were directly threatened to pay a ransom in exchange for keeping the information private, and Vastaamo is calling on these patients to call the police immediately.