Anxious patients, storming the standards of therapy centers: Finland faces massive hacking of data after thousands of patient records in psychotherapy were stolen – some of which have been published, amid blackmail.
Faced with what she describes as
extremely serious data breach, the Minister of the Interior Maria Ohisalo wanted on Monday to reassure the population so that they do not turn away from mental health services in this country of 5.5 million inhabitants which, if it has been crowned several times the
happiest in the world by the UN, is also the European country most affected by mental illness.
According to OECD data, in 2018 almost one in five Finns suffered from psychological disorders.
thousands patients have already filed complaints, and many have said they have received emails in which hackers demanded 200 euros (CAN $ 310) in bitcoins to prevent the dissemination of content from their discussions with therapists.
These data were stolen from the private company Vastaamo, which operates 25 psychotherapy centers across the country.
We are investigating, among other charges, aggravated security breach and extortion, Robin Lardot, head of the judicial police, told reporters, adding that the number of affected patients could reach tens of thousands.
Vastaamo, who apologized, announced Monday evening that he had fired his CEO Ville Tapio, after the findings of an internal investigation which revealed that he had concealed from the Board of Directors and the company's parent company a data leak in 2019.
The company admitted flaws in the security of its customers' data,
which allowed criminals to enter the database until March 2019Vastaamo said in a statement.
For the Finnish cybersecurity company F-Secure, this is the
very first case of using ransomware to blackmail individuals on this scale.
Vastaamo was the subject of blackmail at the end of September, reported to the authorities, who advised him not to make it public at that time to protect the investigation. The hackers' messages didn't start going to patients and staff until this weekend.
Security experts have reported that a 10 gigabit file containing private exchanges between at least 2,000 patients and their therapists has appeared on the hidden web (dark web).
The leak, which targeted some of the most vulnerable people in society – including children – caused consternation in the country.
People are rightly worried not only for their own safety and health, but also that of those close to them.
On Monday, police and government departments opened a site for victims of the cyberattack, which aims to provide advice, including not paying the ransom demand.
Do not contact the extortioner, the data has most likely already been leaked elsewhere, can we read there.
Read also :
- Class action request against LifeLabs following the data theft
- Over 28 million Canadians victims of data breaches in one year
- Clinical trials: data from thousands of Quebecers compromised
Overwhelmed help centers
Mental health and victim support associations said Monday they were inundated with calls from people fearing that their conversations with their therapist would be made public.
Among the victims, a former lawmaker tweeted a screenshot of the ransom message accompanied by a provocative response to the hackers.
Will make you see! Seeking help is never something to be ashamed of, wrote Kirsi Piha.
According to Mikko Hyppönen, research director at F-Secure, only one other similar case of blackmail is known to date: in 2019, a facial reconstruction clinic in Florida had a lot of data stolen, but in
On Monday, the Finnish social services regulatory authority said it was investigating Vastaamo's practices, including how patients were kept informed of the leak.
For the head of the national agency for digital services (DVV) Kimmo Rousku, the cyberattack could have been avoided if Vastaamo had used better encryption.