Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Private Psychotherapy Notes Leaked in Major Finnish Hack

The confidential treatment records of tens of thousands of psychotherapy patients in Finland have been hacked and some leaked online, in what the interior minister said Monday was “a shocking act.”

The confidential treatment records of tens of thousands of psychotherapy patients in Finland have been hacked and some leaked online, in what the interior minister said Monday was “a shocking act.”

Distressed patients flooded victim support services over the weekend as Finnish police revealed hackers accessed records belonging to private company Vastaamo, which runs 25 therapy centres across Finland.

Thousands have filed police complaints over the breach, they added.

Many patients reported receiving emails with a demand for 200 euros ($236) in bitcoin to prevent the contents of their discussions with therapists being made public.

“The Vastaamo data breach is a shocking act which hits all of us deep down,” Interior Minister Maria Ohisalo wrote on her website on Monday.

Finland must be a country where “help for mental health issues is available and it can be accessed without fear.”

Ministers met for crisis talks this weekend, with further emergency discussions tabled for the coming week over the unprecedented data breach.

“We are investigating an aggravated security breach and aggravated extortion, among other charges,” Robin Lardot, the director of Finland’s National Bureau of Investigation, told a news conference at the weekend.

Lardot added that they believed the number of patients whose records had been compromised numbered in the tens of thousands.

On Monday evening, Vastaamo said it had fired its CEO, Ville Tapio, after an internal enquiry discovered that he had concealed a March 2019 data breach from the board and the firm’s parent company.

The firm admitted flaws in the security of its customer data, “which allowed criminals to break into the database up until March 2019,” Vastaamo said in a statement.

The company’s owner, PTK Midco Oy, on Monday launched court proceedings “in relation to its May 2019 purchase of Vastaamo,” the statement added.

– ‘Justifiably worried’ –

Security experts reported that a 10-gigabyte data file containing private notes between at least 2,000 patients and their therapists had appeared on websites on the so-called dark web.

The hack, which targeted some of society’s most vulnerable including children, has caused widespread shock in the Nordic country of 5.5 million, with ministers gathering on Sunday to discuss how to support the patients whose sensitive data had been leaked.

“It is absolutely clear that people are justifiably worried not only about their own security and health but that of their close ones, too,” Ohisalo told reporters late on Sunday.

On Monday, authorities launched a website for victims of the cyberattack, offering advice and telling them not to pay the ransom demand.

“Do not communicate with the extortionist, the data have most likely already been leaked elsewhere,” the “Data Leak Help” site said. 

Mental health and victim support charities reported being overwhelmed with calls from distressed people fearing that their intimate conversations with their therapists would be publicly released.

– Nothing ‘to be ashamed of’ –

One of the recipients of a blackmail threat, the former MP Kirsi Piha, tweeted a screenshot of the ransom message along with a defiant reply to the hackers.

“Up yours! Seeking help is never something to be ashamed of,” Piha wrote.

“I’ve seen a lot, but I haven’t seen this,” Mikko Hypponen, chief research officer at data security firm F-Secure said in a statement.

“I don’t think there’s a crime in our criminal history which would have more victims than this one.”

Hypponen, an internationally renowned cybersecurity specialist, said the perpetrator used the alias “ransom_man”, and said he was only aware of one other patient blackmail case, where a cosmetic surgery clinic in Florida had a smaller amount of data stolen in 2019. 

On Monday, Finland’s social care regulator said in a statement it was investigating Vastaamo’s practices, including how well patients were kept informed of the breach.

Meanwhile, the head of the state digital services agency DVV, Kimmo Rousku, said that the cyberattack could have been avoided if Vastaamo had used better encryption.

DVV published a checklist on Monday for firms to make sure their digital security is in order.

“Management needs to wake up,” Rousku told public broadcaster Yle.

A phone line offering legal advice had also been set up, the country’s consumer authority announced.

Written By

AFP 2023

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Cybercrime

The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...