fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Finnish Psychotherapy Clinic Discloses Data Breach, Victims Extorted

Finnish Psychotherapy Clinic Discloses Data Breach, Victims Extorted

A large psychotherapy clinic in Finland is under heavy stress after a threat actor asked a ransom for a client database with confidential information stolen in a data breach that likely happened almost two years ago.

Thousands of patient records may be at risk as the private clinic is a nationwide practice with more than a dozen branches and other institutions contract its services.

Leaking records and extorting victims

Psychotherapy Center Vastaamo announced the incident last Wednesday, saying that the extortionist first contacted three of its employees in September, asking for 40 bitcoins (currently over $500,000) not to release stolen patient data.

The attacker threatened to publish patient data in an attempt to force the clinic into paying the ransom and kept their word. Since the public notice, they leaked at least 300 patient records on a site in the Tor anonymity network, according to a local source.

The matter escalated even further as the extortionist started to contact victims over email and asked for $240 in Bitcoin (EUR 200) to delete their records.

The messages have the subject line “Answering Office Information” and contain the recipient’s personal information.

Also Read: How To Make A PDPC Complaint: With Its Importance And Impact

The threat actor may have been encouraged to do this after several individuals finding the leak site offered to pay to have their information removed from the stolen database. For them, the blackmailer set a price of 0.05 Bitcoin (about $650), Ilta Sanomat reported.

The same newspaper said that the attacker “writes very good English” and that they rely on privacy-oriented email services. Initially, they used Tutanota, then switched to Protonmail and Cock.li, the latter allowing registration and usage over Tor and similar privacy services.

In a press conference on Sunday, the Finnish National Bureau of Investigation  confirmed that the number of leaked patient records amounts to tens of thousands. Laura Halminen of Helsingin Sanomat was able to confirm that the blackmailer leaked at least 2,000 patient records.

As per her report, the extortionist uploaded for a brief time a 10GB file with Vastaamo patient information including names, social security numbers, postal and email addresses, phone numbers, and therapists’ notes on patient appointments.

Pre-acquisition breach hidden

Vastaamo has been publishing updates about the incident almost daily since the initial public disclosure. Before this, the clinic informed the Finnish Cyber ​​Security Center, Valvira, and the Data Protection Commissioner.

Ethical hackers in Finland are also helping authorities, providing  the police any digital breadcrumbs they find on the extortionist, such as messages, screenshots of sites, and metadata.

Technical aspects of the hack are being investigated by cybersecurity company Nixu, who found that the incident likely happened in November 2018.

“Based on the investigations, it seems probable that the data breach that led to the theft of the customer database took place in November 2018”

– Vastaamo

This means that sensitive information of customers registered after the breach is not included in the leaks, Vastaamo clarifies in its notifications.

Also Read: Deemed Consent PDPA: How Do Businesses Comply?

It was not the only intrusion, though. In mid-March 2019, another breach occurred, and the CEO knew about it but decided to keep it a secret from the private clinic’s Board of Directors, authorities, and affected individuals.

Following this revelation, Vastaamo Board of Directors relieved Ville Tapio of his CEO position in the company.

It is not clear at this point in the investigation if the hackers stole the customer database but there is the possibility that the intruder viewed or copied the information.

The breach in March prompted steps that corrected the issues related to the protection of customer information, especially since Vastaamo was to be acquired by PTK Midco in May.

As part of the acquisition process, an external cybersecurity audit was commissioned in April-May 2019. It revealed no problems.

According to Vastaamo’s updates, Nixu’s investigation so far confirms that the clinic’s infrastructure did not have critical security vulnerabilities and did not suffer a cyberattack after March 2019.

PTK Midcon, owned by private equity firm Intera Partner, is the main shareholder of Vastaamo and started litigation on Monday about the acquisition process in May 2019.

Vastaamo is offering victims of the data breach support over the phone, advising on what to do if their private information has been leaked online.

Update [Oct 27, 2020]: Article updated with information from Laura Halminen and her report in Helsingin Sanomat.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us