If you see a therapist, it is likely that you share some of the most intimate details of your life with that person. These are details that define who you are, reveal information about your past, or even where you might be headed in the future.
There is a reason why conversations like these are confidential. If a patient's information shared with a therapist were released to the public, it could be detrimental to that person's mental health and well-being.
Unfortunately, this has become a real-life nightmare for many patients recently.
A very unique cyberattack has been reported involving a psychotherapy clinic in Finland and nearly all of its patients.
The attacker is demanding payment of 200 Euros from each patient to avoid their private conversations and information being published online. The attacker has already made some patients' information public to show that the threat is real.
Industry professional weighs in on psychotherapy attack
Twitter user Mikko Hyppönen (@mikko), who is the CRO at F-Secure, shared his thoughts on the cyberattack.
The attacker calls himself 'ransom_man', and is running a Tor site on which he has already leaked the therapist session notes of 300 patients. This is a very sad case for the victims, some of which are underage. The attacker has no shame.— @mikko (@mikko) October 24, 2020
The attacker has emailed patients of the clinic demanding payment of 200 Euros within 24 hours, or 500 Euros in 48 hours, all in Bitcoin.
The police have advised those affected by the attack to not comply with the hacker, to report the message, and to save the message as well as any other evidence of the attack.
Finland's National Bureau of Investigation (NBI) said it cannot tell if the extortionist is the original hacker or not.
Hyppönen continues in the thread to mention the only other cyberattack he recalls where patients were being blackmailed was a case in Florida involving a plastic surgery clinic.
Florida plastic surgery clinic cyberattack
Earlier this year, SecureWorld News covered that incident in which the The Center for Facial Restoration (TCFFR) in Florida was the victim of a cyberattack.
One of the doctors there was contacted by the hacker demanding ransom, and if the doctor failed to pay, 3,500 patients would have their confidential information publicly leaked.
Similarly to the situation with the psychotherapy clinic, the hacker followed up by contacting patients individually. The same demands were made: if they did not pay the ransom, their information would be published for the world to see.
Both of these attacks reveal how low some cybercriminals are willing to go to make money.