Violation in a psychotherapy clinic led to blackmail of patients

Two years ago, one took place cyber attack on a Finnish psychotherapy clinic, which ended in data theft and ransom demand. Now, it is said that criminals separately blackmail patients, whose data were stolen in this attack.

The attack on the clinic Vastaamo took place in November 2018 and led to the theft of a base data customers. However, a second violation is said to have taken place in March 2019. Vastaamo serves thousands of patients in approximately 20 areas across Finland.

The data breach came to light last month when an extortionist contacted three Vastaamo employees.

The data exposed, include personally data identity, but also information discussed in psychotherapy sessions.

According to the news agency Associated Press, The archives 300 patients of Vastaamo have been published on the dark web.

Vastaamo said it was working with law enforcement and had advised all patients the blackmailer had contacted to go to the police. The clinic described the incident as "a major crisis".

The psychotherapy clinic offers a helpline for affected patients, as well as a free session.

According to Finnish media, the government of the country held an emergency meeting on Sunday night. The Minister of the Interior, Maria Ohisalo, described the security incident and the subsequent blackmail as "critical".

A Vastaamo patient, who was approached by the blackmailer, stated that does not believe that the payment of ransom guarantees safety of his data.

The victim said that someone who describes himself as "the ransom guy", Contacted him to demand 200 euros ($ 236) in Bitcoin. The criminal also told him that he contacted him after Vastaamo refused to pay 40 Bitcoin ($ 515.632).

The blackmailer told the victim that if he did not pay within 24 hours, the ransom would increase to € 500 ($ 590). Deadline is 72 hours. If the money is not given by then, the blackmailer will publish notes from psychotherapy sessions, who made the victim as a teenager.

""These notes contain things I'm not ready to share with the world." "And someone threatening me with these notes definitely makes me feel very uncomfortable".

Finally, according to InfoSecurity Magazine, the victim said he could not afford the ransom, but even if he could pay he would not be sure of the safety of data of.