
After hackers blackmailed their clients, Finnish therapy firm declares bankruptcy

Graham CLULEY

February 12, 2021

  • Highly sensitive notes from therapy sessions were published online in an attempt to blackmail patients
  • Hackers bragged about the poor state of firm’s security

Vastaamo, the Finnish psychotherapy practice that covered up a horrific security breach which resulted in patients receiving blackmail threats, has declared itself bankrupt.

Vastaamo’s problems first began in 2018, when it discovered that a database of customer details and – most shockingly – notes from therapy sessions had been accessed by hackers.

You would like to think that security would then have been tightened up, but in March 2019, Vastaamo CEO Ville Tapio knew that hackers had, in the months since, continued to access the systems of the chain of private psychotherapy clinics.

Astonishingly, Tapio did not share that critical information with the appropriate authorities or with other members of Vastaamo’s board – perhaps because he had been responsible for setting up the database’s security himself.

It was only in October 2020 that the truth finally came out, and the criminals published batches of the sensitive records on the dark web. The hackers initially demanded a ransom payment from Vastaamo of about 450,000 euros, before inviting patients to pay approximately 500 euros if they wanted their data taken down.

An estimated 40,000 patients were affected by the breach.

In online posts, the hackers bragged about the poor state of Vastaamo’s security.

Tapio was subsequently fired, and replaced as the company’s CEO.

The damage, however, was too much for Vastaamo, which has clinics across Finland, to take.

The harm caused by the criminal hackers and the subsequent damage done to the Vastaamo brand was simply too great, and the company announced this week that it had been placed in liquidation.

The company has come to an agreement with Verve, another psychotherapy practice based in Finland, that patients can continue to make appointments through them with their therapist or psychiatrist.

In the meantime, patients are being urged not to give in to the ransom demands, and to report any communications they receive from the extortionists to the police.

In January, Finland’s social insurance institution Kela said that it was terminating its contract with Vastaamo – not because of the security breach, but due to an inspection discovering that some of the firm’s therapists were not adequately qualified.

According to data collected by security researcher Adrian Sanabria, Vastaamo is one of fewer than two dozen companies to have been ruined by a data breach, and “is the largest so far, at 400 employees.”
