FOLLOW
Follow
The nightmare of many people revealing their innermost feelings and thoughts in their therapy sessions has come true in Finland.
A group of
hackers
has accessed the records of the mental health company Vastaamo, which runs 25 psychology centers in the Nordic country, Finnish police revealed last week.
Cybercriminals have had access to all the confidential information that hundreds of patients share with their therapists.
In exchange for not making the treatments and conversations with their psychologists public, the hackers ask each patient for 200 euros in bitcoins.
"We are investigating a security crime and extortion, among other charges," said Robin Lardot, director of the Finnish National Bureau of Investigation, last weekend, according to
The Guardian
.
Lardot added that they believed the number of patients whose records had been compromised stood in the tens of thousands.
In more detail, he reported that on the
dark web
, the Internet zone hidden from conventional search engines, a 10-gigabyte file had appeared containing private notes between at least 2,000 patients and their therapists.
Although some data has already been leaked, cybercriminals continue to blackmail patients.
“With the publication of part of the data that they have stolen, what cybercriminals are showing is that they are not lying, that they really have the information they claim to have,” explains Óscar Lage, Tecnalia's cybersecurity expert.
"It is a common strategy to put more pressure on the victims."
The Finnish authorities have created a website for the victims of the cyber attack, where they are asked not to pay for the blackmail.
Lage agrees that this is the best thing to do.
"When they ask for such a low amount, it is because they want it to be accessible to anyone, that people do not think about it and pay," explains the expert.
“But no one should.
What happens when you agree to what they ask is that cybercriminals know to whom the information is most important, who is willing to pay and who is not.
And it is possible that, if they give them the 200 euros, they will ask for more money ”.
Furthermore, no one can assure patients that cybercriminals will not leak the information even if they receive the money.
"They could have already sold the data to a company that wants to use it for advertising, for example," says Lage.
"Medical information is one of the best paid on the
dark web
."
How these types of attacks happen
Details on exactly how the attack was carried out have not emerged, but in these cases, according to Lage, the most common is that cybercriminals send emails with a Trojan - a malicious program that disguises itself as
harmless
software -
to stealing the data of this particular company, which is known as
spear phishing
.
Once a malicious email is opened by a worker, cybercriminals can access the information stored on your computer, spread to other computers, and even hijack them.
"Malicious emails sent with this type of attack have a higher open rate than usual because they are highly personalized," Lage explains.
Once they have access to patient information, they proceed to try to blackmail them.
After the attack was made public, Vastaamo, the mental health company, said it had launched an internal investigation and the current security of its database had been verified.
He noted that the actual robbery is believed to have occurred two years ago.
"According to current information, no data has been leaked since November 2018," the firm's president, Tuomas Kahri, told the
Helsingin Sanomat
newspaper
.
In these types of actions, cybercriminals usually spend between 100 and 200 days on average collecting information.
The effect on the health of the victims
The
hack
, targeting some of the most vulnerable people in society, including children, has caused widespread commotion in the Nordic country.
The ministers met last Sunday to discuss how to support patients whose data had been leaked and some private cybersecurity companies are trying to intercede.
Mikko Hyppönen of data security firm F-Secure announced in a tweet that his company was willing to track payments that had already been made in an attempt to repay the victims.
This message from security expert @mikko to those affected by the #Vastaamo hack / extortion.
Mikko Hyppönen invites any who have paid the #bitcoin ransom to email him with details of the transaction so the recipient cryptowallets can be identified & the currency's movement traced.
https://t.co/gLK6Y0WKfx
- World Ethical Data Forum (@WEDF_forum) October 28, 2020
The peculiarity of this attack is that, in addition to extorting patients, it also puts their mental health at risk.
Those affected, anguished, flooded the support services that the institutions had made available to them when the leak became known.
The anguish at thinking that their most intimate thoughts are available to anyone on the web generates feelings of very high stress and anxiety that can aggravate their ailments or the disorders for which they were going to therapy, according to Julia Vidal, health psychologist and director from the Human Area clinic.
"The consultation is a safe and intimate place, and the confidence that what is discussed there is confidential and that no one is going to know or judge it is essential to establish a good relationship between the therapist and the patient", explains Vidal.
“If that trust goes away, therapy is greatly affected.
A theft of confidential patient data is a really serious problem ”.
Vidal is especially sensitive to cybersecurity: “The attack that happened in Finland reaffirms me how important it is to invest in the cybersecurity of patients.
Today it happened there, but you have to be prepared if it happens here.
There are no borders on the Internet ”.
