Hackers are demanding ransom from patients after a hacked Finnish healthcare provider declined to pay the ransom for the return of patient files. Details follow below.

What Caused Hackers to Demand Ransom From Patients

Vastaamo, a Finnish organization that serves 40,000 patients with 22 locations across Finland, was targeted by hackers. Through the ransomware attack, hackers were able to access the psychotherapy notes of an unknown number of patients. The hackers then demanded 40 bitcoins (approximately $525,000) in exchange for not publicly posting the stolen files on the dark web. Vastaamo declined to pay the ransom, causing hackers to release the psychotherapy notes of 300 patients, including prominent Finnish politicians.

After Vastaamo refused to pay the ransom, hackers began to reach out to 200 patients directly for payment. Hackers used the data stolen in the cyberattack to contact patients via email, demanding smaller amounts of money ($200 – $500) to avoid disclosure of their protected health information (PHI). Authorities advised patients not to pay the ransom, as payment is not a guarantee that hackers will not release the files to the public.

“We are grateful for how various actors in society have helped the police. It is particularly great that citizens are urging all not to share this material on social media. Sharing such information fulfills the essential elements of an offence,” said Marko Leponen, a detective inspector at Finland’s National Bureau of Investigation.

The stolen information reportedly included health and personal information, psychotherapy notes, care plans, dates of visits, management goals and statements.

Upon discovery of the incident, Vastaamo conducted an internal investigation and found that its patient database had first been accessed by hackers in November 2018. The issues with its database security continued until March 2019. However, its CEO, Ville Tapio, concealed the breach from the board and parent company. He has since been fired.

“This data breach is shocking in many ways. Victims now need support and help. Ministries are exploring ways to help victims. Action by municipalities and organizations is also needed,” stated Finland’s Prime Minister, Sanna Marin.

Vastaamo began notifying affected patients on October 21.