Personal Sensitive Data Hacked from a Psychotherapy Centre, Extortionist Asking for Bitcoins
In unfortunate news, sensitive personal data of almost 40,000 patients was hacked from a private psychotherapy clinic in Finland. The data might include therapists’ notes on patients, some of whom are said to be minors. The attacker has started sending emails to the victims, asking each for Bitcoin worth 200 euros in ransom.
According to a Twitter thread, the attacker is apparently using a Tor site and has already leaked 300 patients’ data. The data dump of 300 patients includes very sensitive details such as full name, SSN, email, phone number, and therapist notes. The attacker is also threatening to release data for 100 patients per day until the 40 BTC ransom is paid.
As of now, the deep-web Onion website where the leaked data was dumped is no longer accessible, although it keeps going up and down every now and then. There is also speculation that either the psychotherapy center has paid the ransom or the attacker might have been caught. However, before the site went down, a 10GB file with thousands of patients’ data may have been downloaded.
The victims have also reported getting extortion emails asking for BTC worth 200 euros in ransom. These extortion emails are coming from a smileup(.)site domain. There are also images circulating on the deep web showing police personnel’s email addresses with the poliisi(.)fi domain, suggesting that the victims also include personnel of the Finnish Police. The attacker called himself ransom_man on the Onion website, where he has dumped 300 patients’ data so far.
Following this unfortunate news, netizens have started calling out the health service company for not properly securing the data. Some are also questioning the company’s seriousness regarding GDPR and patient data laws. People are asking the company to give complete details about the cause of this data leak and how the attacker was able to carry it out. Some have also suggested fining the company 4% of its revenue as a GDPR fine, to make sure such unfortunate events are not repeated.