CNN Reports Finnish Psych Center Hacked and Patients Blackmailed

By Jeffrey Jones Security Blog October 27, 2020

Helsinki, Finland (CNN) The confidential records of thousands of psychotherapy patients in Finland have been hacked and some are now facing the threat of blackmail.

Authorities are working to track down those patients who received emails threatening to disclose personal information unless the recipient pays the blackmailer. Some of the records have already leaked online.

Finnish police are working with other agencies to investigate the data breach that targeted Vastaamo, the country’s largest private psychotherapy center, which treats roughly 40,000 patients across the country.

“We are grateful for how various actors in society have helped the police,” said Marko Leponen, a detective inspector at Finland’s National Bureau of Investigation. “It is particularly great that citizens are urging all not to share this material on social media. Sharing such information fulfills the essential elements of an offence,” he added.

Some of the victims have received emails demanding payments in bitcoin to prevent the public disclosure of their personal information, which authorities are discouraging victims from doing. Instead, agencies are asking those patients to save extortion emails and other possible evidence they may have received and file a police report. Police have also discouraged people from paying the hackers, saying it will not ensure their data remains private.

Psychotherapy center Vastaamo’s office in the Malmi-Dstrict of Helsinki on October 26. Finland’s leaders have expressed dismay at the breach and said the victims need immediate support.

The country’s president Sauli Niinistö told Yle News on Sunday that the breach was “relentlessly cruel.” “We all have our inner personality that we want to protect. Now it has been violated,” he said. Vastaamo said it has started an internal inquiry into the matter and admitted on its website Monday that its patient database was first accessed by hackers back in November 2018. The company said security flaws continued to persist until March 2019.

The company also announced Monday it had fired its CEO, Ville Tapio, after it was discovered he concealed a breach from the company’s board and parent company.

Tapio said he did not know about the initial data breach back in November 2018, in a statement released Monday evening on his Facebook page. Finland’s transport and communications agency, Traficom, said on Monday it has worked with other public authorities to set up a website to help the victims.

Read the full Story Here

Jeffrey Jones / About Author

Jeff Jones is a Cyber Security Architect and Ethical Hacker for Topgallant Partners. He has been in Data Communications for over 35 years. He responsible for all day-to-day operations, technical consulting, and security design for Topgallant.

His expertise is in Security Program Design, Security Risk Analysis and Assessment and Cyber Security Testing to include Penetration Testing, Vulnerability Testing, Social Engineering, Phishing, Wi-Fi Exploitations, Password Cracking, Man-in-the Middle Attacks and Web Application Hacking.

He has a M.A. in Computer Resources Management from Webster University and a B.A. in Journalism from Purdue University. He is also a terrible golfer.