Millions of Patients Affected in Double-Extortion Attack
Hackers Crippled Systems, Stole Patient Data From ESO Solutions
Hackers carried out a double-extortion ransomware attack on medical software company ESO Solutions, exposing personal details and healthcare information of 2.7 million U.S. patients and encrypting some of the company's systems.
ESO Solutions said it had found "no evidence" that the stolen data had been misused yet. Calling data security one of its "highest priorities," ESO said it has secured its networks, implemented measures to confirm the security of its systems, restored operations via viable backups and initiated an investigation with help from forensic experts.
The Texas firm told regulators that it had stopped the ransomware incident on Sept. 28 and determined on Oct. 23 during an FBI investigation that the hackers had stolen personal data from one of the affected systems.
The company develops medical software and provides data solutions for hospitals, emergency medical services, fire departments and federal agencies.
The exposed information included names, phone numbers, addresses and Social Security numbers, and it may also include medical information about patient injuries, diagnoses and treatments, as well as insurance and payer information. Affected patients will have free access to an identity monitoring service.
Tallahassee Memorial HealthCare, which uses ESO's solutions, said in a notification that the breach had affected 9,566 of its patients.
ESO Solutions is the fourth healthcare-related company to be affected by a data breach in the last couple of months, after Perry Johnson & Associates, Welltok, Delta Dental of California and HCA Healthcare.