Police in Finland are hunting a hacker who has stolen tens of thousands of patient records from a psychotherapy centre and is blackmailing victims to keep the data private.
The cyber attacks, which started two years ago, have accessed the records of 40,000 patients from a centre run by Vastaamo, a private company that runs psychotherapy clinics across Finland.
The hacker initially demanded a ransom from Vastaamo but has since changed tack, approaching patients directly with demands for €200 in bitcoin — rising to €500 after 24 hours — in exchange for their records being deleted. About 300 notes from therapist sessions have already been leaked on to the dark web.
Finns have been shocked by the targeting of vulnerable people, including children, and local media has so far refrained from publishing any patient records.
“This affects us all. Data about each of us is continually being gathered across different platforms. It also affects us as we all have an innermost self that we want to protect. Now that’s been violated,” said Sauli Niinistö, Finland’s president, on Sunday.
Cyber experts said the ransom demands against the patients were almost unprecedented. Mikko Hypponen, chief research officer of cyber security company F-Secure, said on Twitter that he only knew of one smaller but comparable incident when hackers blackmailed a cosmetic surgeon in Florida over his patient records.
Finland’s centre-left government will discuss the hack at its regular Wednesday cabinet meeting after a smaller group of ministers met on Sunday night. Interior minister Maria Ohisalo called the attack cowardly and shocking, and promised emergency support for the victims.
Finland’s police said that thousands of crime reports had already been filed and urged victims not to pay the ransom. “What makes this case exceptional is the contents of the stolen material,” said chief investigator Marko Leponen.
Experts said the attack should act as a wake-up call on cyber security. Kimmo Rousku, the chief expert at the Digital and Population Data Services Agency, told state broadcaster Yle that Finland was less prepared for digital attacks than other threats to society. The Nordic country is well known for its preparedness against potential military attacks, which helped it deal with the early stages of coronavirus because of a large stockpile of medical equipment.
Vastaamo said it had suffered two potential breaches, first in November 2018 and then again before March 2019, but that it did not know exactly whose data had been stolen. It first revealed the hack on Wednesday after a Finnish newspaper said it had found confidential data online. The company said some of its employees, as well as patients, had been blackmailed.