An extortionist has turned a breach of Finland’s Vastaamo mental health services provider into a nightmare for victims.
It seems that Vastaamo had at least one exposed database of patient information that was breached in November 2018 and likely again in mid-March 2019. It is unclear how many patients were affected, but the National Bureau of Investigation said on Sunday that the number could be in the tens of thousands.
The hacker or hackers running the extortion campaign have been demanding 200 euros’ worth of bitcoin, about $230, from victims within 24 hours of the initial ask, or 500 euros ($590) after that, or else they’ll make their information public. A hacker persona “ransom_man” has set up a site on the anonymous web service Tor that already lists leaked data from at least 300 Vastaamo patients. Finnish media reports also indicate that Vastaamo has received a demand for around $530,000 worth of bitcoin to keep the stolen data out of the public domain.