Finnish Psych Patients Blackmailed Following Breach – CEO Perspective

2020-10-28

A data breach at Vastaamo, a Finnish nationwide psychotherapy practice, has resulted in the blackmailing of hundreds of patients. Excerpts (via Google Translator) of Vastaamo’s press release: “The Board of Directors of Psychotherapy Center has relieved the company’s CEO from office… On Wednesday, October 21, 2020, the psychotherapy center said that it had been the victim of a data breach and blackmail… it seems probable that the data breach that led to the theft of the customer database took place in November 2018. There has been a lack of protection in the customer information system of the correspondence, which criminals have gained access to at that time… the system has also been able to infiltrate until mid-March 2019. We do not know that the database was stolen after November 2018, but it is possible that individual data has been viewed or copied.”

EXPERTS COMMENTS
Dan Piazza, Technical Product Manager, Stealthbits Technologies
October 28, 2020
Being in the network for so long, the attacker may have done much more than just stolen data. They could have installed additional, dormant malware,
Unfortunately, it's clear many attackers have no shame and there's no ethical boundary they're not willing to cross to make a profit. So far, the attacker has only leaked 300 patient records, however it's unclear how much more sensitive data they hold. This is when having an audit trail of all sensitive data in an organization can help identify specific data repositories that were breached, and wh
Saryu Nayyar, CEO, Gurucul
October 28, 2020
Ransomware and data theft attacks have become the norm for cybercriminals. Stealing patient records and blackmailing them with that information is something new. This attack, in particular, shows a level of callousness from the attacker that is hard to comprehend. While the financial damage in this attack is relatively minor, the emotional harm to the victims is incalculable.

