Fraud Management & Cybercrime , Healthcare , Industry Specific

Millions of Patients Affected in Double-Extortion Attack

Hackers Crippled Systems, Stole Patient Data From ESO Solutions
Millions of Patients Affected in Double-Extortion Attack

Hackers carried out a double-extortion ransomware attack on medical software company ESO Solutions, exposing personal details and healthcare information of 2.7 million U.S. patients and encrypting some of the company's systems.

See Also: The Healthcare CISO’s Guide to Medical IoT Security

ESO Solutions said it had found "no evidence" that the stolen data had been misused yet. Calling data security one of its "highest priorities," ESO said it has secured its networks, implemented measures to confirm the security of its systems, restored operations via viable backups and initiated an investigation with help from forensic experts.

The Texas firm told regulators that it had stopped the ransomware incident on Sept. 28 and determined on Oct. 23 during an FBI investigation that the hackers had stolen personal data from one of the affected systems.

The company develops medical software and provides data solutions for hospitals, emergency medical services, fire departments and federal agencies.

The exposed information included names, phone numbers, addresses and Social Security numbers, and it may also comprise medical information of patient injuries, diagnosis and treatments, as well as insurance and payer information. Affected patients will have free access to an identity monitoring service.

Tallahassee Memorial HealthCare, which uses ESO's solutions, said in a notification that the breach had affected 9,566 of its patients.

ESO Solutions is the fourth healthcare-related company to be affected by a data breach in the last couple of months, after Perry Johnson & Associates, Welltok, Delta Dental of California and HCA Healthcare.


About the Author

Rashmi Ramesh

Rashmi Ramesh

Assistant Editor, Global News Desk, ISMG

Ramesh has seven years of experience writing and editing stories on finance, enterprise and consumer technology, and diversity and inclusion. She has previously worked at formerly News Corp-owned TechCircle, business daily The Economic Times and The New Indian Express.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.