Finnish Psych Patients Blackmailed Following Breach – CEO Perspective

A data breach at Vastaamo, a Finnish nationwide psychotherapy practice, has resulted in the blackmailing of hundreds of patients. Excerpts (via Google Translator) of Vastaamo’s press release: “The Board of Directors of Psychotherapy Center has relieved the company’s CEO from office… On Wednesday, October 21, 2020, the psychotherapy center said that it had been the victim of a data breach and blackmail…  it seems probable that the data breach that led to the theft of the customer database took place in November 2018. There has been a lack of protection in the customer information system of the correspondence, which criminals have gained access to at that time… the system has also been able to infiltrate until mid-March 2019. We do not know that the database was stolen after November 2018, but it is possible that individual data has been viewed or copied.”

Experts Comments

October 28, 2020
Dan Piazza
Technical Product Manager
Stealthbits Technologies
Unfortunately, it's clear many attackers have no shame and there's no ethical boundary they're not willing to cross to make a profit. So far, the attacker has only leaked 300 patient records, however it's unclear how much more sensitive data they hold. This is when having an audit trail of all sensitive data in an organization can help identify specific data repositories that were breached, and which remain untouched and secure. While that information can't undo the damage done by the initial.....Read More
Unfortunately, it's clear many attackers have no shame and there's no ethical boundary they're not willing to cross to make a profit. So far, the attacker has only leaked 300 patient records, however it's unclear how much more sensitive data they hold. This is when having an audit trail of all sensitive data in an organization can help identify specific data repositories that were breached, and which remain untouched and secure. While that information can't undo the damage done by the initial attack, it can help calculate the remaining risk of additional data leaks from the breach and also start the process of better securing breached networks and data repositories against future threats. This attack also highlights the common issue of long dwell times, as the data breach seemingly went unnoticed for almost two years (with initial network penetration occurring as early as November 2018). While the ultimate defensive goal is still to prevent attacks from occurring in the first place, organizations need software tools in place to detect breaches after the fact. Being in the network for so long, the attacker may have done much more than just stolen data. They could have installed additional, dormant malware, opened back doors, or found ways to spread to related networks. Long dwell times drastically increase risk, by giving attackers a larger foothold to potentially return to the network to wreak additional havoc.  Read Less
October 28, 2020
Saryu Nayyar
CEO
Gurucul
Ransomware and data theft attacks have become the norm for cybercriminals. Stealing patient records and blackmailing them with that information is something new. This attack, in particular, shows a level of callousness from the attacker that is hard to comprehend. While the financial damage in this attack is relatively minor, the emotional harm to the victims is incalculable.
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Share on facebook
Share on twitter
Share on linkedin

Recent Posts

Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics

Twitter Facebook-f Linkedin Youtube

Working With Us

The Pages

Our Contributing Experts