Vastaamo: Mental Health Clinic Operator
Risk to Small Business: 2.702 = Severe
In a bizarre incident, a ransomware gang has snatched up the patient records of a mental healthcare clinic chain in Finland and is demanding ransom payments from the patients instead of the business. Vastaamo had not initially publically disclosed the breach due to the sensitive nature of the information stolen but has been working with authorities to investigate the incident and mitigate the damage.
Individual Risk: 1.327 = Extreme
The cybercriminals have been contacting the patients whose information they’ve obtained, demanding that recipients must pay 200 euros within 24 hours, or if they don’t meet that deadline, 500 euros within 48 hours, to prevent the public release of their therapy records.
Customers Impacted: 400,000
How it Could Affect Your Customers’ Business: This is this company’s second major data breach – the CEO was just terminated for the first one a week ago. Failing to implement strict security awareness and data handling policies after an incident, especially when your company keeps sensitive information, is a recipe for disaster.