Hackers demand €500 ransom from patients after compromising psychotherapy centre

Patients started receiving personal demands after Finnish clinic Vastaamo refused to pay €450,000

A hacking group has demanded ransom payments from patients of a psychotherapy centre in Finland in exchange for deleting their stolen records.

Finland's Interior Minister Maria Ohisalo said on Sunday that police are working with Interpol and Europol to investigate a data breach that may have compromised the personal information of nearly 40,000 patients.

"This wasn't the first time and it definitely won't be the last time, unfortunately" Ohisalo told News Now Finland.

"I think we've been prepared, but we need to be more prepared, and we need to train all kinds of different hazards - maybe where many different kinds of risks come together at the same time," she added.

The details of the incident were first disclosed last Wednesday after a local tabloid paper claimed to have seen the personal and mental health data of hundreds of patients of the Vastaamo clinic posted on the dark web.

It was said that the hacking group had initially demanded €450,000 ransom from Vastaamo in exchange for deleting the records permanently, but then started sending ransom letters to patients after Vastaamo refused to "take responsibility for their own mistakes".

Vastaamo patients revealed that they had received ransom demands from hackers for €200 to €500 in bitcoins in return for having their data deleted from online forums.

Vastaamo, a Helsinki-based privately-run psychotherapy centre, offers psychiatric and psychological treatment to patients suffering from disorders such as anxiety and depression. Many clients of Vastaamo come from public services paid by the Finnish Social Security.

On Wednesday, Vastaamo confirmed the data breach on its website, stating that it had informed the Finnish National Cyber Security Centre, the Office of the Data Protection Ombudsman and the National Supervisory Authority for Welfare and Health (Valvira) about the matter. The company also said that hackers were unable to compromise the patient data entered into the database after November 2018.

Vastaamo did not provide details regarding when the hacking incident took place or about its extent, although it did say that its data security systems were being more effectively monitored. The company said that it has taken all appropriate steps "to clarify the matter in cooperation with external and independent security experts".

On Friday, media reports said that the website of the extortionists went down for a few hours, but reappeared again on the encrypted Tor network. The website's disappearance sparked rumours that Vastaamo had likely paid €450,000 ransom to hackers to stop their activity.

"What makes this case exceptional is the contents of the stolen material," Marko Leponen, the National Bureau of Investigation's chief investigator, told reporters.

Vastaamo is advising clients not to pay any ransom to hackers and to immediately contact Finnish police if they receive an extortion demand from the hackers.