Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity NewswireTechnologies & SolutionsSecurity Enterprise ServicesSecurity Leadership and ManagementSecurity & Business ResilienceCybersecurity NewsHospitals & Medical Centers

Hackers are blackmailing Vastaamo psychotherapy patients

cybersecurity-blog
October 27, 2020

A company that offers psychotherapy to thousands of patients across Finland says it’s been the victim of a data breach, with the personal information of customers held for ransom. Vastaamo, which sees patients in 20 cities including Helsinki, Joensuu, Jyväskylä, Pori, Turku and Tampere, says “an unknown hostile party” got in touch with them saying they had obtained customer details.

“As a company providing psychotherapy services, the confidentiality of customer information is extremely important to us and the starting point for all our operations. We deeply regret the leak due to the data breach” says Tuomas Kahri, Vastaamo’s Chairman of the Board in a statement. “We are constantly developing our information security and data protection, and we will take additional measures when our own investigations and regulatory investigations are completed.”

At first, sources reported that the hacker had demanded approximately half a million dollars not to dump the data. However, this was not confirmed by Vastaamo, who explained they had notified the public and patients as soon as the government authorities gave them permission to do so. In addition, Ilto-Sanomat reports the hacker - who calls himself "RAMSON_MAN" - contacted them and is allegedly demanding 40 btc (450,000 euros).

The attacker has also reportedly dumped hundreds of patient files on a dark web site, and is also contacting other individual patients with blackmail demands — either pay the attacker(s) ransom or have their psychotherapy records dumped. Vastaamo issued an update, noting that other patient records may have been breached. 

Ray Kelly, principal security engineer at WhiteHat Security, a San Jose, Calif.-based provider of application security, says, “What is interesting about this incident is that it has evolved from a basic data leak and ransom attack to a targeted blackmail situation. While all leaks, especially related to a patient’s health are sensitive, this type of data is not as simple as a case of high blood pressure. The attackers ability to disclose a patients psychological records can be immensely damaging to a person’s reputation and affect many aspects such as relationships or their career. The incentive for someone to pay the malicious actor is very high in this situation.”  

According to Jack Mannino, CEO at nVisium, a Falls Church, Virginia-based application security provider, “Many small to mid-sized medical healthcare providers and private education institutions rapidly became technology shops this year as the pandemic hit. In many cases, basic security controls and protections have been largely ignored, often due to the absence of understanding or the resources to tackle these challenges. Unfortunately, these institutions often don't have the in-house capabilities to perform security monitoring and continuous hardening of their environments. As their attack surface continues to increase, the patient data will remain a target across healthcare providers and schools.”

With nearly 70 percent of Americans agreeing they’d sever ties with their healthcare provider if they found that their personal health data was not being properly protected – this latest news is a clear indicator of data security concerns here in the U.S. rapidly expanding on a global scale. 

“In the case of Vastaamo, it appears that the organization may have been aware of prior breach activity and/or challenges with their security posture as we saw the CEO let go earlier today.  Healthcare leaders need to take notice that their responsibility does not stop with a patient's physical or mental health but it also extends to their digital health," explains CynergisTek CEO Caleb Barlow. “The situation at Vastaamo underscores the importance of institutions having an independent and impartial third party security assessment on an annual basis to ensure that a strong security program has been implemented and to validate that controls are working properly."

 “During the pandemic we know that mental health visits are one of the most popular solutions for telehealth, but the situation at Vastaamo underscores the importance for providers to re-evaluate their security posture and controls. As much as telehealth has accelerated by 5-10 years during the pandemic, we need to ensure that security controls have accelerated at a similar rate to protect this information," adds Barlow. 

KEYWORDS: cyber security healthcare security risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Leadership and Management
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Logical Security
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    New Security Technology
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Coding on screen

Research reveals mass scanning and exploitation campaigns

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

September 29, 2025

Global Security Exchange (GSX)

 

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • electric-vehicle-freepik1170.jpg

    Electric vehicles are taking over. Hackers are waiting

    See More
  • doctor in hospital

    Why hackers are attacking healthcare more frequently?

    See More
  • Gaps in Cybersecurity Programs

    NSA warns hackers are forging cloud authentication information

    See More

Related Products

See More Products
  • databasehacker

    The Database Hacker's Handboo

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing