Saturday, October 24, 2020

Psychotherapy clinic in Finland was hacked, and the blackmailers have been posting patient names, addresses, and content of the therapy sessions

Yle:

The privately-run psychotherapy centre Vastamo announced that sensitive information about its clients was leaked after its database was recently hacked, according to a company release issued on Wednesday.

... [The company's chairman] did not reveal the amount of personal data that was leaked, nor when the centre's database was hacked.

...

Tabloid paper Ilta-Sanomat was first to report on the matter. The publication said it had seen what it described as personal information about patients posted online, including sensitive data including their names.

"As a company that provides psychotherapy services, the confidentiality of customer information is extremely important to us

Foreigner:

Extortionists demanded around 450,000 euros (in bitcoins) in exchange for not publishing the clinical and mental health data of thousands of people.

The criminals started to publish the data of 100 people every day in the encrypted web Tor two days ago.

...

The information published could not be more sensitive: it included the patient's name, personal identification number, telephone number, email address and residence address, together with the content of the therapy sessions.

Foreigner:

It seemed like the nightmare was over, but it was just a mirage. The website of the extortionists who have kidnapped and published the personal and mental health data of hundreds of customers of the Vastaamo psychotherapy center has reappeared on the encrypted Tor network.

In the morning, the website disappeared from Tor for a few hours. That sparked rumors about a possible payment by the company of the 450,000 euro ransom (in bitcoins) demanded by criminals to stop their activity.

However, the website reappeared in the afternoon.