Last Wednesday, Finnish psychotherapy center Vastaamo announced an incident in which a threat actor demanded an extortion payment in return for a promise not to publish a stolen patient database. Cybersecurity company Nixu, which is investigating the incident, found that the breach likely happened in November 2018. Patients registered after that date are not currently believed to be involved in the breach. Unfortunately, a second breach occurred in March 2019, though it is unknown whether the intruder viewed or copied patient records this time.
The threat actor first contacted three employees, demanding 40 bitcoins in exchange for not releasing the stolen records. Since the public announcement, the actor has published over 300 patient records on a Tor website. To make matters even worse, the actor then emailed each of the victims to demand $240 in bitcoin to remove their individual records from the site. Vastaamo is currently offering victims support via phone calls, giving advice on what to do if their records are published online.