Hackers used Data Breach for blackmail of Vastaamo Healthcare firm

November 13, 2020
Vastaamo healthcare ransomware attack malware data breach

A previous hacking incident involving a Finnish healthcare firm, Vastaamo, just became the highlight of another, more sinister ransom campaign in which analysts consider the evilest concept to ever come out of the cybercrime drawing board. It comes as a shock, even for other hacking groups, evaluating how they used all aspects of their attack to further their monetary gains.

The ransomware attack on Vastaamo 2-years ago (2018) became a hacking incident statistic, with a devastating follow-up in 2019. The data breach was only made known a few months ago when a few employees were notified by the hacking group. The hackers could successfully execute both attacks and acquire the targeted item – user/patient records. Vastaamo is a psychotherapy healthcare institution with almost 50,000 patients treated under their belt. Considering the nature of their practice, Vastaamo houses very confidential and sensitive patient records, of which some are considered high-profile. Even the CEO was dismissed due to allegations claiming that he was aware of the breach.


The tens of thousands of Vastaamo patient records acquired by the hackers were used to demand a ransom of half a million US dollars in Bitcoin.


This was the standard model of payment requested by hackers in exchange for the stolen records. When a ransom is not paid, the hackers will then sell the Dark Web information for other interested parties. Ransomware has become a widely-used weapon for hackers, especially for targeted organizations like banks and other financial institutions. Hackers have almost always managed to acquire a financial company’s valuable asset and demand a large sum in return. Banks and other similar finance-related firms invest heavily in cybersecurity and infrastructure to protect their data and customers’ information.

But as they fortify their defenses, hackers have always been resourceful and persistent in their ways. Finding more and more loopholes and vulnerabilities on the following companies’ systems to infiltrate and acquire sensitive information. This is how things are for these threat actors. But this was not enough for the hacking group that targeted Vastaamo, no sir. If that wasn’t enough, the hacker group has started reaching out to the affected patients and demanding ransom money individually. As mentioned earlier, it can’t get more evil than that.

Initial reports and investigations show more than 300 individuals were contacted and reported to their local law enforcement. These patients are contemplating whether to sue Vastaamo or its officials. However, Finnish laws most likely wouldn’t allow for such. The owner is distraught and is exploring legal options against its acquisition from the previous proprietors, including other undisclosed information.

Nevertheless, there is no telling whether more patients were contacted outside of the initial 300. Or if the other ones were tricked into paying such ridiculous amounts of money for information that should’ve been protected in the first place.

Vastaamo’s primary concern and immediate action to consider is to upgrade their cybersecurity right away and patch any and all possible loopholes that might be used to infiltrate their systems. Secure all their patients’ information and provide all possible assistance to help in their ordeal. Coordinate with local and government agencies to ensure that all possible avenues are taken to prevent any similar intrusions from occurring soon.

About the author

Leave a Reply