Imagine this: you’re a healthcare organization serving countless patients daily, and suddenly you find out that the personal data of millions of your patients have been compromised due to a ransomware attack. That’s precisely what happened to ESO Solutions, a software provider for healthcare organizations and fire departments. A ransomware attack on their systems resulted in the exposure of sensitive data belonging to 2.7 million patients.
The breach was discovered on September 28, and it was found that the hackers had accessed and exfiltrated data before encrypting several company systems. Upon further investigation, ESO Solutions discovered that the attackers had accessed a machine containing sensitive personal information.
What type of data was exposed?
On October 23, the company confirmed that the data breach had impacted patients associated with its customers, including hospitals and clinics in the U.S. The exposed data includes:
- Full name
- Dates of birth
- Phone number
- Patient account/medical record number
- Injury type and date
- Diagnosis information
- Treatment type and date
- Procedure information
- Social Security Number (SSN)
It’s important to note that the exact types of data exposed vary for each individual, depending on the information they provided to the healthcare organizations using ESO’s software and the care services they received.
How have authorities and customers been informed?
ESO Solutions has informed the FBI and state authorities of the incident. All impacted customers were notified on December 12, and some of the affected hospitals have already started sending notices of the breach to their patients in the days that followed.
As of now, there is no evidence that the exposed information has been misused. To help mitigate the risk of the data breach, ESO Solutions is offering 12 months of identity monitoring service coverage through Kroll to all notice recipients.
What does this mean for your business?
Unfortunately, these types of supply-chain breaches have become all too common in the healthcare space, impacting patient data safety and threatening the operational and financial stability of medical institutions. This incident serves as a stark reminder of the importance of robust cybersecurity measures for businesses of all sizes and industries.
As a business owner, it’s crucial to be aware of the potential risks and take proactive steps to protect your organization and customers from cyber threats. That’s where ZZ Servers comes in. Our team of experts can help you implement the necessary cybersecurity measures to safeguard your business and ensure the safety of your customers’ data.
Don’t wait until it’s too late – contact us today to learn how ZZ Servers can assist you in securing your business against cyber threats.