Psychiatric health data thief extorting individual patients

Thousands of people in Finland have filed police complaints over ransom demands after a large amount patient data was stolen from a psychotherapy centre in the Nordic nation.

Security vendor F-Secure's chief research officer Mikko Hyppönen said on social media that therapists' notes for possibly up to 40,000 patients were stolen in the hack.

Victims have been contacted by the extortionist who is asking each person for €200 (A$332), payable in Bitcoin cryptocurrency.

The attacker calls himself ’ransom_man’, and is running a Tor site on which he has already leaked the therapist session notes of 300 patients. This is a very sad case for the victims, some of which are underage. The attacker has no shame.

— @mikko (@mikko) October 24, 2020

Sensitive information of at least 300 people has already been published online, sparking fears for the victims' health and safety.

The Vastaamo therapy centre, too, has received a ransom demand of €500,000 (A$830,360) from the extortionists for the return of the data.

Last week, Vastaamo issued a statement saying its patient database appeared to have been hacked once in November 2018 and then again for for a period of over three months until March 2019.

The psychotherapy centre treats patients for the cities of Oulu and Tampere univiersity hospitals, which includes children and young people.

Vastaamo doesn't know at this stage whose data was taken in the hacks.

The president of the Republic of Finland, Sauli Niinistö, condemned the crime as particularly cruel in Finnish media.

Niinistö said the hack affects and hurts everyone, and showed the importance of cyber security and data protection.

He asked that people who come across the stolen data be responsible and not view or share it.

The healthcare sector worldwide has become a target for cyber criminals over the past few years, as lack of funding for IT security leaves systems open to often devastating attacks that halt treatment and leak sensitive data.