Finnish local media is reporting new developments in the ransomware incident involving the Vastamo psychotherapy center. The attacker has been regularly leaking sensitive information to coerce the practice into paying ransom as authorities continue to investigate the incident.
Earlier this month, the psychotherapy practice with offices across almost the entirety of Finland confirmed its systems had been hacked. The attackers had made off with patient data, threatening to publish it to eager fraudsters on the dark web. To avoid the conundrum, the medical practice would have to pay ransom.
The story pretty much ended there. Local authorities told Vastamo to keep disclosure to a minimum as investigators sift through the data in an effort to catch the hackers. Those efforts are still ongoing, but new details are surfacing.
As reported by local news outlet Ilta-Sanomat, the breach itself occurred in the fall of 2018. Why the attackers did nothing with the stolen data is a mystery. For one reason or another, they made their ransom demands this month, and the amount is steep: 450,000 Euros in digital currency, according to the report.
Vastamo reportedly refused to negotiate with the aggressors. During this time, the perps tried to coerce the firm into paying by releasing chunks of the stolen patient data on the web – hundreds of records at a time, including “content of therapy sessions,” the report notes.
The site then reveals that a lone attacker was behind the hack, but that he is part of a larger hacking group whose victims extend beyond Finland and beyond the medical community (Google-translated):
“The blackmailer says the group he represents has also broken into four other organizations, none of which are Finnish. It is alleged that these have paid ransoms of similar size or larger. Others are not actors in the field of therapy, but they also contain sensitive personal information alongside trade secrets.”
During an exchange with the extortionist, the site insisted that these actions could push some patients to suicide. The extortionist reportedly said he didn’t care if that happens. In fact, he reportedly went as far as to contact individual victims with smaller ransom demands.
The extortionist has so far leaked 300 patient records on the dark web.
If the Ilta-Sanomat news story is accurate, Vastamo appears to have caved in and paid the hacker’s demands.
More details about the company’s efforts in the wake of the incident can be found on its official website.