A ransomware attack hit the database of the Finnish company Vastaamo, which operates 25 psychotherapy centers, and compromised the medical records of more than 4,000 of its patients. Yle Media was the first to report the case.
Ransomware authors leaked some of the stolen data
The Helsinki-based company, through its chief executive officer Tuomas Kahri, said that a judicial investigation is ongoing. The ransomware affair hit the headlines in Finland after hackers posted the medical records of 2,000 patients online.
As in all cases of classic ransomware, the hackers demand a ransom in return for data recovery. In contrast to traditional ransomware, where the affected companies are the ones asked to pay, the hackers here have reached out to the patients and their families to collect their financial loot.
The theft of Vastaamo's data is not recent: it dates back to November 2018. The case accelerated towards the end of September 2020, when the hackers threatened to reveal the stolen data. In order not to hinder the ongoing investigation, the Finnish authorities asked the hackers not to take any action. According to sources close to the investigation, Vastaamo was initially asked for a ransom of 450,000 euros. Only after this was refused did the hackers change tactics. They are now turning to the patients themselves and demanding payment of up to 500 euros in Bitcoin; otherwise, the patient's medical data will be published on the Internet, freely accessible to anyone.
And time is running out: the hackers have followed up on their threat and, overriding the authorities' requests, posted the medical records of 2,000 patients, including minors, on Tor. This data includes the patient's name, telephone number, email address, and postal address, as well as the content of the therapy sessions.
An approach that shook Finland, a country unaccustomed to this type of practice. This is confirmed on Twitter by the Chief Research Officer of the Finnish cybersecurity company F-Secure, Mikko Hypponen: “Here in Finland a very unusual ransomware case is going on: a private psychotherapy clinic has been hacked, and treatment notes for perhaps as many as 40,000 patients have been stolen. The attacker has now sent an email to the victims demanding a ransom of 200 euros in Bitcoin each. The attacker calls himself ‘ransom_man’ and runs a Tor site on which he previously published notes on therapy sessions for 300 patients. It is a very sad case for the victims, some of whom are minors. The attacker has no shame.”
The scandal also had an impact on the management of the Vastaamo company. Indeed, an internal investigation unmasked the CEO, who is alleged to have been aware of the flaws in the security system for several months but was careful not to reveal them. “As a company providing psychotherapeutic services, the confidentiality of customer information is extremely important to us and the starting point for all of our operations. We deeply regret the leak caused by the hacking,” said Tuomas Kahri.
A government website opened on Monday to help victims of the ransomware. In particular, they are asked not to pay the ransom or deal with the hackers. Thousands of complaints have already been filed in this country of just over 5 million people.
Medical data, the black gold of the black market
Medical data has a compelling value on the black market. In an article on Secure Thoughts, cybersecurity expert Jeremiah Fowler stated, “Medical data is the most valuable and is bought and sold on the dark web every day. The company Trustwave released a report in which black market medical records are valued at $250 each, while credit cards sell at $5.40 per unit. It’s easy to see why cybercriminals want to target the most valuable data before anyone else.”
Medical data theft raises a sensitive ethical question in times of pandemic, when many health systems around the world are on the verge of collapse. This crisis situation even led some hackers to give hospitals a break and promise a truce. That was in March; the promise unfortunately did not hold for six months. A ransomware attack on a German hospital led to the death of a woman. The news, recorded as the first ransomware-related death, alarmed the public. The victim had to be taken to a hospital 30 km away after the ransomware-affected hospital turned her away.
This type of cyberattack has not spared France either: Rouen University Hospital was paralyzed by ransomware in November 2019.