Patients of a large psychotherapy clinic in Finland have been contacted individually by a blackmailer after their data was stolen, including personal identification records and notes about what was discussed in therapy sessions.
One victim reported that after refusing a roughly 403,000 pound ransom, it was reduced to 180 pounds, and would rise after 24 hours, leading to release of the data 72 hours later.
About 300 records have already been published on the dark web.
Why do we care?
I’d been watching for the first direct extortion-ware incident, and while I won’t say it’s the first, it’s now there, and “in production” so to speak.
Now the criminals are have moved beyond attacking the data holders to those whose data was breached. Think about the implications here on business reputations for those who fall victim to this… and the business savvy on the criminal side. I’m expecting criminals to continue to build out their tech and their automation here.
How much is it worth to protect your data again?