Company bankruptcies caused by cyber breaches have so far been rare, but the recent case of Vastaamo may possibly set alarm bells for similar organisations that don’t take data and cyber security with the utmost importance.

In October 2020, therapy clinic Vastaamo has fired its CEO Ville Tapio in the wake of a disastrous data breach which has seen patients’ personal details, as well as notes of what has been discussed in confidential therapy sessions, exposed.  After demanding Vastaamo pay a ransom of 450,000 Euros, the hacker has emailed victims in an attempt to extort 200 Euros worth of Bitcoin.  Victims were told that if they didn’t pay 200 Euros, the ransom would rise to 500 Euros after 24 hours, and then sensitive information would be published online after 72 hours had elapsed.

Vastaamo’s problems first began in 2018, when it discovered that a database of customer details and notes from therapy sessions had been accessed by hackers.  By March 2019, Vastaamo CEO Ville Tapio did discover that hackers managed to breach the clinic’s systems in the months since. However, Tapio unwisely did not share this vital knowledge with the relevant authorities or other members of the board of Vastaamo.

Finally the reputational damage and trust breakdown caused by the incident was simply too great, and the company announced on 12-Feb-21 that it had been placed in liquidation.

Click the button below to read more.