Hackers Breach Psychiatric Practice in Finland, Hold Patient Data to Ransom


Hackers have breached a psychotherapy practice in Finland and are holding patient information to ransom, the victim company said in a notice this week.

Vastaamo has offices in around two dozen cities in Finland, including the capital, Helsinki. The firm has announced it has fallen victim to a hacker attack.

“An unknown hostile party has been in contact with Vastamo and claims to have obtained confidential information from the company’s customers … We are aware that some of our customers have leaked confidential information as a result of the breach. According to current information, customer data recorded after November 2018 has not been compromised,” it says.

Nowhere in the notice does the company mention a ransom, but according to local news outlet newsnowfinland.fi, the attackers indeed made such a request. The amount demanded is unknown.

Vastaamo has notified local authorities of the breach and has started its own internal investigation.

“In addition, Vastamo took immediate steps to clarify the matter in cooperation with external and independent security experts,” according to the announcement.

The firm’s technicians have hardened systems against further tampering “and their use is more effectively monitored by security professionals,” the notice reads.

“We do our best to find out what happened and work with the authorities to prevent the spread of confidential information,” reads a Google-translated version of the notice sent out by the psychiatric practice.

Tuomas Kahri, chairman of the Board of Vastaamo, issued the following (machine translated) statement:

“As a company providing psychotherapy services, the confidentiality of customer information is extremely important to us and the starting point for all our operations. We deeply regret the leak due to the breakthrough. We are constantly developing our data security and data protection and will take additional measures when our own investigations and regulatory investigations are completed. Due to the ongoing police investigation, we have not received a message on the subject before, as for technical reasons the investigation has not been made public,” said Kahri.

It’s not certain whether Vastaamo is dealing with a ransomware attack, but all signs point to one. In the past year, ransomware operators have not only encrypted but also downloaded the victim’s data, threatening to make it public or sell it to fraudsters in a bid to coerce victims into paying. Of course, even if the victim pays a ransom, nothing stops the perps from selling the data on the dark web anyway.

Vastaamo promises to keep customers updated with the latest information and directs members of the media to the company’s chairman for inquiries.

In situations like these, the victim company has a moral obligation to tell customers how to spot fraud attempts or phishing scams that leverage their personal information for credibility. Victim companies should also offer free credit card monitoring to those affected.

If you are a Vastaamo customer, keep a close eye on your bank statements and don’t reply to any unsolicited emails or text messages asking for your login credentials, or any other personal information for that matter.

If you have a password-protected account with Vastaamo and you’ve used that password on other services on the web, set up new passwords for each one of those other services.