Expert Comments

Finnish Psych Patients Blackmailed Following Breach – CEO Perspective

Expert(s): Security Experts
Expert(s): Security Experts

A data breach at Vastaamo, a Finnish nationwide psychotherapy practice, has resulted in the blackmailing of hundreds of patients. Excerpts (via Google Translator) of Vastaamo’s press release: “The Board of Directors of Psychotherapy Center has relieved the company’s CEO from office… On Wednesday, October 21, 2020, the psychotherapy center said that it had been the victim of a data breach and blackmail…  it seems probable that the data breach that led to the theft of the customer database took place in November 2018. There has been a lack of protection in the customer information system of the correspondence, which criminals have gained access to at that time… the system has also been able to infiltrate until mid-March 2019. We do not know that the database was stolen after November 2018, but it is possible that individual data has been viewed or copied.”

Experts Comments

Dot Your Expert Comments
Dan Piazza
October 28, 2020
Technical Product Manager
Stealthbits Technologies

Being in the network for so long, the attacker may have done much more than just stolen data. They could have installed additional, dormant malware,
Unfortunately, it's clear many attackers have no shame and there's no ethical boundary they're not willing to cross to make a profit. So far, the attacker has only leaked 300 patient records, however it's unclear how much more sensitive data they hold. This is when having an audit trail of all sensitive data in an organization can help identify specific data repositories that were breached, and which remain untouched and secure. While that information can't undo the damage done by the initial.....Read More
Unfortunately, it's clear many attackers have no shame and there's no ethical boundary they're not willing to cross to make a profit. So far, the attacker has only leaked 300 patient records, however it's unclear how much more sensitive data they hold. This is when having an audit trail of all sensitive data in an organization can help identify specific data repositories that were breached, and which remain untouched and secure. While that information can't undo the damage done by the initial attack, it can help calculate the remaining risk of additional data leaks from the breach and also start the process of better securing breached networks and data repositories against future threats. This attack also highlights the common issue of long dwell times, as the data breach seemingly went unnoticed for almost two years (with initial network penetration occurring as early as November 2018). While the ultimate defensive goal is still to prevent attacks from occurring in the first place, organizations need software tools in place to detect breaches after the fact. Being in the network for so long, the attacker may have done much more than just stolen data. They could have installed additional, dormant malware, opened back doors, or found ways to spread to related networks. Long dwell times drastically increase risk, by giving attackers a larger foothold to potentially return to the network to wreak additional havoc.  Read Less
Saryu Nayyar
October 28, 2020
CEO
Gurucul

This attack, in particular, shows a level of callousness from the attacker.
Ransomware and data theft attacks have become the norm for cybercriminals. Stealing patient records and blackmailing them with that information is something new. This attack, in particular, shows a level of callousness from the attacker that is hard to comprehend. While the financial damage in this attack is relatively minor, the emotional harm to the victims is incalculable.

Dot Your Expert Comments


Only for registered and approved experts. Please register before providing comments. Register here
* By using this form you agree with the storage and handling of your data by this web site.
Submit
0
FacebookTwitterLinkedinWhatsappEmail

You may also like

Hackers Steal Wealth of Data from Game Giant EA

Researchers Create Un-hackable Quantum Network, Expert Weighs In

Italian Government Announces National Cybersecurity Agency

JBS Pays $11 Million Dollars in Cyber Ransom

Malware Stole 1.2TB Private Data From 3 Mil PCs

Experts React: RockYou2021, Largest Password Leak

Colonial Pipeline CEO Grilled by Senate but Experts Think Different

Experts Inisght On Security Threats Of VPN And What Organisations...

Kent School’s Suffer Cyberattack With Systems Offline And Data Stolen

NY City Law Dept Computer Systems Hacked & Shut Down...

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Privacy & Cookies Policy