Vastaamo data breach

2022-09-25 11:58:23

Vastaamo was a Finnish private psychotherapy service provider founded in 2008. On 21 October 2020, Vastaamo announced that its patient database had been hacked. Some of the information has been used to extort both the service provider and its clients and ended up on the dark net. The extorters demanded 40 bitcoins, roughly 450,000 euros, or threatened to publish the records. To add pressure for their demands, the extorters published hundreds of patient records a day on a Tor message board. After the extortion of the company failed, the extorters sent emails to the victims demanding them to pay ransoms in order to avoid publishing their sensitive personal data. The ransom demands were sent to roughly 30,000 victims. The company's security practices were found to be inadequate: the sensitive data was not encrypted and anonymized and the system root did not have a defined password. The patient records were first accessed by intruders in November 2018, while the security flaws continued to exist until March 2019.

Vastaamo was a Finnish private psychotherapy service provider founded in 2008. On 21 October 2020, Vastaamo announced that its patient database had been hacked. Some of the information has been used to extort both the service provider and its clients and ended up on the dark net. The extorters demanded 40 bitcoins, roughly 450,000 euros, or threatened to publish the records. To add pressure for their demands, the extorters published hundreds of patient records a day on a Tor message board. After the extortion of the company failed, the extorters sent emails to the victims demanding them to pay ransoms in order to avoid publishing their sensitive personal data. The ransom demands were sent to roughly 30,000 victims. The company's security practices were found to be inadequate: the sensitive data was not encrypted and anonymized and the system root did not have a defined password. The patient records were first accessed by intruders in November 2018, while the security flaws continued to exist until March 2019.
Read article on Wikipedia