Ransomware Attack Forces Vastaamo into Bankruptcy

According to security researcher, Graham Cluley, “Vastaamo, the Finnish psychotherapy practice that covered up a horrific security breach which resulted in patients receiving blackmail threats, has declared itself bankrupt. Vastaamo’s problems first began in 2018, when it discovered that a database of customer details and – most shockingly – notes from therapy sessions had been accessed by threat operators.

Ransomware Attack on Vastaamo

You would like to think that security would then be tightened up, but in March 2019, Vastaamo CEO Ville Tapio knew that threat operators had in the months since continued to access the chain of private psychotherapy clinics’ systems. Astonishingly, Tapio did not share that critical information with the appropriate authorities or with other members of Vastaamo’s board – perhaps because he had been responsible for setting up the database’s security himself.

It was only in October 2020 that the truth finally came out, and the criminals published batches of sensitive records on the dark web. The threat operators initially demanded a ransom payment from Vastaamo of about 450,000 euros, before inviting patients to pay approximately 500 euros if they wanted their data taken down. An estimated 40,000 patients were affected by the breach.”

The fallout of this incident is one of the worst outcomes possible for organizations to endure. It goes to show the necessity of immediately engaging with an incident response firm after becoming aware of a cyberattack, or allowing a security firm like SpearTip to continuously monitor and prevent cyberattacks. Vaastamo failed to do this, and threat actors took full advantage. SpearTip’s cyber professionals specialize in immediately responding to incidents, but being proactive by utilizing ShadowSpear® is how you could prevent the incident from happening in the first place. ShadowSpear® identifies the threats and stops them in their tracks before they can do harm to your business. Vaastamo’s actions should clearly display the need for cybersecurity in any industry, especially if your organization keeps personally identifiable information (PII).

SpearTip’s cyber experts continuously monitor environments 24/7 in our US-based Security Operations Center. Our certified engineers work in unison with our proprietary endpoint detection and response tool, ShadowSpear®. This allows your organization to have direct communication with our engineers at any moment and a completely transparent view of your risk profile.

If you are experiencing a breach, please call our Security Operations Center at 833.997.7327.