ESO Solutions, a leading provider of data and software for emergency responders and healthcare organisations, recently faced a ransomware attack. As a result of this incident, around 2.7 million patients’ confidential information has been compromised.
ESO Solutions leads in software for emergency responders and healthcare in North America. Its cloud-based platform integrates health records, billing, data collecting, and analytics to improve patient outcomes. ESO Solutions has gained the trust of over 3,000 organisations, including EMS, fire departments, and hospitals.
The Austin, Texas-based business just posted on its website about a security breach. The disclosure claims that an unauthorised third party used ransomware to encrypt data on ESO’s servers, possibly compromising files containing personal information.
There is a significant risk associated with the breach of patient information, which includes names, addresses, and health information. The breach impacted US and Canadian hospitals, emergency services, and fire departments, exposing sensitive data. There is a risk of exposing confidential data, such as Social Security numbers.
As stated by ESO Solutions:
Our investigation determined that the unauthorized third party may have acquired your personal data during this incident. Please know that we have taken all reasonable steps to prevent the data from being further published or distributed and have notified and are working with federal law enforcement to investigate.
Data Breach Fallout and Response from ESO Solutions
On December 19, the company reported a major data breach to the Maine Attorney General’s Office, impacting 2.7 million individuals. On December 12, ESO started sending emails addressing the issue. Among those affected, Tallahassee Memorial HealthCare had over 9,500 patients. ESO immediately reported the event to both the FBI and state authorities.
The data breach involved the unauthorised access to a protected health information-containing email account belonging to an employee of ESO. ESO Solutions quickly secured the hacked email account and began a comprehensive investigation after discovering it, working with professional cybersecurity experts.
An investigation showed that between November 19 and November 30, 2020, an unauthorised individual had access to the worker’s email account. During this time, the intruder may have people’s names, birth dates, medical record numbers, and perhaps treatment information.
ESO collaborates with Ascension Providence and Manatee Memorial Hospital to inform patients about the breach. Other impacted facilities include Mississippi Baptist Medical Centre, Merit Health River Oaks, and Merit Health Biloxi. This has an effect on all the network’s medical facilities.
ESO Solutions is fierce in its dedication to protecting the privacy and security of personal information. To prevent such breaches, the organisation has proactively implemented improved security measures and consistent monitoring. ESO has temporarily taken its systems offline as a precaution.
The company is keeping the situation clear by actively corresponding with the organisations and people it has affected. Although the name of the ransomware group behind the attack is unclear, ESO’s statement shows the possibility of payment to assure the removal of compromised data.
Phishing Tackle offers a free 14-day trial to help train your users to avoid these types of attacks and test their knowledge with simulated attacks using various attack vectors. By focusing on training your users to spot these types of attacks, rather than relying solely on technology, you can ensure that your organisation is better prepared to defend against cyber threats and minimise the impact of any successful attacks.