Finnish Psychotherapy Center Accessed by a Hacker or Hackers Now Demanding Ransoms


Finland’s interior minister called key Cabinet members to an emergency meeting on Sunday after hundreds, and probably thousands, of medical records at a private Finnish psychotherapy facility were accessed by a hacker or hackers who are now seeking ransoms.

Finnish Home Secretary Maria Ohisalo tweeted that authorities will “provide immediate disaster assistance to victims” of the Vastaamo psychotherapy centre security breach, an event she called “shocking and very serious.”

Vastaamo, which has 5.5 million branches in the Nordic country and acts as a subcontractor for the public health system of Finland, said that during two attacks that began almost two years ago, its customer registry with intimate patient information was possibly hacked.

In a statement late Saturday, Vastaamo said that the first incursion possibly took place in November 2018 and “it is probable that our (data) networks were also infiltrated between the end of November 2018 and March 2019.”

The centre said that the unknown perpetrator or perpetrators had released at least 300 medical documents containing names and contact details, using the anonymous Tor chat app. “The blackmailer has begun actively contacting victims of the security breach with extort letters,” it added.

The National Bureau of Investigation reported on Sunday that up to ‘tens of thousands’ of Vastaamo clients may have had their personal details compromised. Police are searching for the potential culprits both in Finland and overseas.

It was not immediately clear whether the stolen data contained diagnoses, counselling session notes or other potentially harmful material. It was also not clear why the details surfaced only now.

“The contents of the missing information are what makes this case unique,” Marko Leponen, the chief prosecutor of the National Bureau of Investigation assigned to the case, told reporters.

Vastaamo urged clients who receive requests to pay cash in return for keeping their data confidential, reportedly thousands already, to contact the Finnish police immediately.

Finnish media reported that the cyber criminals demanded Bitcoin ransoms of EUR 200 ($240), with the amount raised to EUR 500 unless paid within 24 hours. The psychotherapy centre also allegedly received a ransom demand for 450,000 euros ($534,000) in Bitcoin.

People responded to the news with disbelief. It also drew remarks from Finland’s leaders. President Sauli Niinisto called the blackmailing “cruel” and “repulsive.” Prime Minister Sanna Marin said the hacking of such classified information was “shocking in many respects.”

Mikko Hypponen, Chief Research Officer of Finnish data protection firm F-Secure, told Finnish public broadcaster YLE that the situation was exceptional even on an international scale.

“I am not aware of any other situation anywhere in the world of such blatant abuse of medical information,” said Hypponen, one of Finland’s leading computer protection experts and a globally renowned speaker on cyber attacks.

Hypponen also tweeted that he knew of “only one other instance of patient extortion that would be even slightly similar: Florida’s 2019 Center for Facial Reconstruction incident.” That case involved a different medical field and a smaller number of victims, but the general idea was the same.

Various Finnish organisations have quickly organised ways to support the victims of the breach through direct dial-in numbers for churches and counselling facilities.

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.