User:Ethic Factor1/Vastaamo

Lead
Vastaamo is a private firm with twenty-five therapy centers throughout Finland. Intera Partners acquired a majority stake in Vastaamo in June 2019.1 In October 2020, the company’s data breach became public. More than 25,000 patients reported the extortion to the police and the records of approximately 36,000 patients were stolen. The most intimate details of patients’ lives were posted on the internet. Furthermore, the hackers made off with patients’ information, including identity card numbers as well as the therapists’ notes. This cyber-attack rocked the nation, becoming the biggest criminal case in Finland history. It also turned into an international scandal and a cyber-attack unprecedented in its scope.5

Article body
Summary

Background

Responses

Investigation

Impact
The entire patient records that include extremely sensitive information about the private lives of the clients were exposed. The leaked database also contained psychotherapy clients ‘personal information, such as full names, home addresses, email addresses, social security numbers, names of the clinics where they received treatments, and the therapists and doctors’ notes from each session. The hackers stole the data of 400 employees and about 40,000 patients. The cyber criminals were looking to increase the cost to the victim and applied the tactic called double extortion. The hacker not only demand a ransom from Vastaamo but also small payments from individual patients- roughly 30,000 clients. This security breach was the largest criminal case in Finnish history.

Moving forward