Helsinki (AFP)
Anxious patients, storming the standards of therapy centers: Finland faces massive hacking of data after thousands of psychotherapy patient records were stolen - some of which have been made public, amid blackmail .
Faced with what she describes as an "extremely serious data breach", Interior Minister Maria Ohisalo wanted on Monday to reassure the population so that they do not turn away from mental health services in this country of 5.5 million inhabitants who, if they have been crowned the "happiest in the world" several times by the UN, are also the European country most affected by mental illness.
According to OECD data, almost one in five Finns suffers from psychological disorders.
Police say "thousands" of patients have already filed complaints, and many said they had received emails demanding $ 200 in bitcoin to prevent content from their discussions with therapists from being broadcast.
These data were stolen from the private company Vastaamo, which operates 25 psychotherapy centers across the country.
"We are investigating, among other charges, an aggravated security breach and extortion," Robin Lardot, head of the judicial police, told reporters, adding that the number of affected patients could reach several tens of thousands. .
Vastaamo, who apologized, also launched an internal investigation.
Quoted in the local press, the group assured that its database was "secure" and that "no data had leaked since November 2018", the hacking going back to at least two years.
- dismay -
Vastaamo had been the subject of blackmail at the end of September reported to the authorities who had advised him not to make it public at that time to protect the investigation.
The hacker messages didn't start going to patients and staff until this weekend.
Security experts have reported that a 10-gigabit file containing private exchanges between at least 2,000 patients and their therapists has appeared on the dark web.
The leak, which targeted some of the most vulnerable people in society - including children - caused consternation in the country.
"People are rightly worried not only for their own safety and health, but also for that of those close to them," Maria Ohisalo told reporters.
On Monday, police and government departments opened a site for victims of the cyberattack, which aims to give advice, including not paying the ransom demand.
"Do not communicate with the extortioner, the data has most likely already been disclosed elsewhere," it read.
- "Very unusual" leak -
Mental health and victim support associations said Monday they were inundated with calls from people fearing that their conversations with their therapist would be made public.
Among the victims, a former lawmaker tweeted a screenshot of the ransom message accompanied by a provocative response to the hackers.
"Go show yourself! Seeking help is never something to be ashamed of," writes Kirsi Piha.
"This is a very sad case for the victims, some of whom are minors. The attacker is not ashamed," computer security expert Mikko Hyppönen lamented on Twitter, adding that the author used the pseudonym "ransom_man" .
According to him, this leak is "very unusual" and only one other similar case of blackmail is known to date: in 2019, a facial reconstruction clinic in Florida had a lot of data stolen, but in "lesser quantity".
On Monday, the Finnish social services regulatory authority said it was investigating Vastaamo's practices, including how patients were kept informed of the leak.
For the head of the national agency for digital services (DVV) Kimmo Rousku, the cyberattack could have been avoided if Vastaamo had used better encryption.
The DVV has published a checklist for businesses to ensure their digital security is appropriate.
© 2020 AFP