[BreachExchange] Psychotherapy centre's database hacked, patient info held ransom

[Destry Winant]

https://yle.fi/uutiset/osasto/news/psychotherapy_centres_database_hacked_patient_info_held_ransom/11605460

The privately-run psychotherapy centre Vastamo announced that
sensitive information about its clients was leaked after its database
was recently hacked, according to a company release issued on
Wednesday.

The Helsinki-based company said that the hackers who stole the data
made attempts to extort money in exchange for its return.

Vastamo's board chair, Tuomas Kahri, told Yle that the National Board
of Investigation is looking into the matter.

However, Kahri did not reveal the amount of personal data that was
leaked, nor when the centre's database was hacked.

In its announcement about the incident on its website, the company
said that customer data entered to the database after November 2018
had not been compromised. The firm said it had also contacted the
National Cyber Security Centre, the National Supervisory Authority for
Welfare and Health (Valvira) and the Office of the Data Protection
Ombudsman about the matter.

The company statement said its data security systems had undergone an
audit and are being more effectively monitored.

Tabloid paper Ilta-Sanomat was first to report on the matter. The
publication said it had seen what it described as personal information
about patients posted online, including sensitive data including their
names.

"As a company that provides psychotherapy services, the
confidentiality of customer information is extremely important to us
and is the starting point of all our operations. We deeply regret the
leak due to the hack. We are constantly developing our information
security and data protection, and we will take additional measures
when our internal investigations and regulatory probes are complete,"
Kahri said in the statement, adding that the firm had not announced
the leak previously due to the ongoing police investigation.