
Finnish psychotherapy centre data breach: hackers blackmail individual patients

Published on 28 Oct 2020 by Louise

Hackers gained access to thousands of confidential records for patients of private Finnish psychotherapy centre Vastaamo, reflecting a broader trend of poor cybersecurity across global healthcare systems.

Finnish psychotherapy centre Vastaamo recently felt the effects of a data breach in which hackers gained access to patient treatment records, which subsequently appeared on dark web sites. When the company itself refused to pay a ransom of €450,000, hackers began threatening individual patients with the release of their private data unless they paid up to €500 in Bitcoin.

Vastaamo, a private company which provides services for over 40,000 people in Finland, noted that the theft of patient data had initially occurred two years ago in November 2018, with another potential breach in March 2019. In October this year, the hackers responsible demanded €450,000 in Bitcoin from the company to prevent up to 10GB of unencrypted data, containing patients' phone numbers, addresses and private notes detailing their therapy sessions, from being published online. When Vastaamo refused to pay, information belonging to 300 patients was released on the dark web; such intimate personal details are extremely useful for fraud and identity theft.

Following this, the cybercriminals emailed more than 200 individual patients demanding ransoms of up to €500 in exchange for the safety of their details. Despite being advised by police not to engage with the blackmailers, many were fearful of their treatment records being published for all to see, with some records dating back to their adolescent years and a significant number of Vastaamo's patients still being minors.

The Vastaamo hack reflects a broader trend worldwide of poor cybersecurity in healthcare systems, which is increasingly exploited by criminal groups to gain valuable information and wreak financial and operational havoc on organisations. IBM's Cost of Data Breach report estimates the average US healthcare breach costs over $7 million, the highest of any industry and increasing year on year.

The US alone has experienced a seven-fold increase in healthcare data breaches in the past eight months, with a ransomware attack in September shutting down 250 facilities in the country, causing longer emergency-room waits and impeded patient care. Frustratingly, the healthcare industry's generally poor cybersecurity stems from easy-to-resolve issues, such as exposed endpoints in the processes that create paper and film records, which make them easy targets for hacking. Laptops belonging to healthcare executives often lack sufficient measures to secure information in the event of theft. These problems are reminiscent of the 2017 WannaCry ransomware attack on the UK's NHS, facilitated by system-wide use of an outdated version of Windows Operating System which lacked new security patches.
