The Finnish police have already received almost 25,000 criminal complaints from victims of the leak of personal data of patients from the Finnish psychotherapy center Vastaamo, whose system has been hacked by extortionists.
Vastaamo, a private center with clinics in 20 cities throughout the country that provides psychological and psychiatric treatment services also for patients from the public health system, was the victim of unauthorized access by hackers for the first time in November of 2018.
Vastaamon tietovuodon uhrit ovat tehneet poliisille jo 25 000 rikosilmoitusta. Tutkittava kokonaisuus on poikkeuksellisen laaja. Ilmoitusten käsittelyn viivästymisellä ei ole vaikutusta esitutkinnan etenemiseen. Pyydämme ihmisiltä kärsivällisyyttä. Tiedote:https://t.co/INrmGBW6Bt
— Suomen poliisi (@SuomenPoliisi) November 9, 2020
The vulnerabilities persisted until March 2019, five months in which the confidential data from patients prior to those dates were exposed.
The information stolen could not be more sensitive for the patients: it included the names, personal identification numbers, telephone numbers, email addresses and residence addresses, together with the content of the therapy sessions.
The criminals threatened to publish 100 daily patient files in the encrypted network Tor if the company does not pay them 450,000 euros in bitcoins. Hundreds of those files have been already published. The victims also received individual blackmail messages from the extortionists, who demand ransoms of 200-500 euros in exchange for erasing their data.
CEO fired
The case, which has already rolled the head of the CEO of the company, who has been accused of hiding the data breach from the rest of the board of directors, has been under investigation by the police since 29 September 29. That day, Vastaamo asked the authorities for an investigation into the alleged theft of the data and the blackmail to which the firm was being subjected.
The crimes investigated by the police are aggravated hacking, aggravated invasion of privacy and aggravated blackmail.
The police said Monday they are "actively investigating" in co-operation with other Finnish and international authorities.
"The police will continue to investigate the crime along various lines of investigation. We currently have a lot of material to go through. The progress of the investigation will be announced as soon as possible," says Criminal Inspector Tero Muurman from the National Bureau of Investigation (Keskusriikospoliisi).
Support for the victims
Victims are offered help and guidance primarily online. The police website www.poliisi.fi and the website www.tietovuotoapu.fi have compiled operating instructions and information. A Frequently Asked Questions and Answers page will also be opened on the police website in the coming days in connection with the case.
The police also have a national helpline where victims can ask for advice at a general level if the necessary information is not available online. The helpline is open on weekdays from 8:00 to 16:00 in the phone number 0295 419 800.
Crime reporting can be done electronically on the Police website: www.poliisi.fi/rikokset/sahkoinen_rikosilmoitus
Any relevant information or hints related to this case can be sent to the police via www.poliisi.fi/nettivinkki