Interior Minister Maria Ohisalo (Green) says a cyber attack on Vastaamo psychotherapy centre computer systems, which may have resulted in as many as 40,000 patient records being held for ransom, is “a serious, outrageous and cowardly attack.”
Details of the data breach were first made public last Wednesday, and since then 10GB of private patient data is said to have been uploaded to the dark web, with thousands of Vastaamo patients filing crime reports, after receiving ransom demands to pay €200 to €500 in bitcoins if they want to have their private data permanently deleted.
“This wasn’t the first time and it definitely won’t be the last time, unfortunately” Ohisalo told News Now Finland in a Sunday night phone call.
“I think we’ve been prepared, but we need to be more prepared, and we need to train all kinds of different hazards - maybe where many different kinds of risks come together at the same time” she added.
The scale of the case has gripped Finland as it unfolded over the weekend, with the magnitude of the data breach, and the threats to individuals, striking a sinister tone. However, there’s also been a sense of national unity on display in newspapers, on television and in social media as the public rallies around the blackmail victims and media outlets vow to respect their privacy by not publishing any patient records.
The hackers initially wanted €450,000 from Vastaamo, but in their ransom letters to patients, they say “as the management of this company has refused to take responsibility for their own mistakes, we will have to ask you to keep your personal data safe” before demanding money.
Authorities involved in investigation
Although Vastaamo is a private company, Ohisalo says several government ministers will be meeting about the issue this week - including the ministers of defence, justice, and transport and communications. Finland’s Cyber Security Centre, and the National Bureau of Investigations NBI are already involved.
At a Sunday press conference NBI’s Robin Lardot said his officers were investigating the hacking and cases of aggravated blackmail, extortion and other possible crimes.
However he wouldn’t be drawn on whether these were Finnish hackers, or an international group, with Minister Ohisalo also confirming that NBI is cooperating with Interpol and Europol on the investigation.
“They unfortunately have the whole world, the whole globe, as the field they are researching right now” says Ohisalo.
Police have urged anyone who receives a ransom demand to file an electronic police report and not to pay any money.
Personal stories reveal response to blackmail attempts
Ohisalo says that on a state level, there has been a lot of preparations to combat potential cyber attacks, but that during the coronavirus crisis many activities moved online “and obviously we need to put more effort also into how our officials act in the cyber environment.”
“Finland has been in general in many fields quite well prepared for quite many different occasions. And we’ve trained all kinds of different situations especially at my ministry it’s part of the everyday life that we train together with the different officials, so that when something happens we are prepared and we are ready” explains Ohisalo.
Meanwhile stories have started to emerge from people who received the ransom demands.
One well-known media personality shared their story on Instagram with a picture of the email that arrived from the blackmailers and the robust response:
“Look, you pathetic human trash. I’ve been through hell”
“Unfortunately, I’m stronger than ever today, you picked the wrong opponent. I’m going to do everything I can to catch you. And we will. I’m looking forward to that moment a lot” they wrote, receiving dozens of supportive messages from well-wishers.