A psychotherapy facility in Finland was recently breached and the patients was blackmailed by the hackers. Read on to know more…
Cybercriminals are becoming increasingly vicious and their extortion tactics are no less than a ghastly nightmare for victims. The Finnish psychotherapy facility Vastaamo was breached and the hackers have started blackmailing the patients into paying thousands of euros and threatening to leak their data online. Given the scale of the attack and the sensitive nature of the stolen data, the recent data breach has become a national story in Finland.
The attackers have claimed to have the session records of 40,000 patients and demanded a ransom of €450,000 in bitcoins. Records of 300 patients have already been published on a website on Tor and the remaining victims are being pressurized into paying a ransom of €200, which will increase to €500 after 24 hours.
Cybersecurity researcher Mikko Hyppönen told Finnish newspaper Ilta-Sanomat that the breach is probably the work of more than just one person. The case is highly unusual, according to the researcher, in that it’s rare to see this level of blackmail in a health care data breach. Hyppönen is research director for Helsinki-based F-Secure.
Damage Control
Vastaamo, which operates as a subcontractor for Finland’s national health system, said that as far as it knows, patient data created after November 2018 was not breached.
Vastaamo has opened a crisis hotline for patients to call, with therapists available for free, and said that it is working with credit-reporting organizations to protect the personally identifiable information of anyone affected by the breach. Vastaamo, which operates as a subcontractor for Finland’s national health system, said that as far as it knows, patient data created after November 2018 was not breached.
Finnish police are still investigating, hindered by the long interval between breach and extortion demands. They are not even sure whether the extortionists are the same people as the initial attackers.
Various Extortion Campaigns
Hackers impersonating the Lazarus Group and Fancy Bear to extort money from financial institutions and technology and manufacturing companies, respectively. The threat actor has been threatening to launch powerful DDoS attacks in case of non-payment of ransom.
In another instance, companies across the world received extortion emails asserting to launch massive DDoS attacks unless they pay a set ransom of 20 BTC, which increases by 10 BTC every day the ransom is not paid. Travelex is allegedly one of the recipients of this threat. Earlier this month, SunCrypt ransomware gang started launching DDoS campaign threats in an attempt to extort several high-profile victims.
Conclusion
Globally, attacks on health care organizations have escalated as cybercriminals look for higher-value targets.
The first thing to note about these threats is that they are not empty and the attackers have followed through on every extortion threat. Moreover, the criminals in their ransom notes have mentioned that there is no other way to protect the victims apart from paying the ransom. Thus, this has become a huge concern for security agencies across the globe.