Cyberattack at ESO Solutions compromises patient identities of several U.S. healthcare providers and fire departments.
ESO Solutions, a provider of software products for healthcare organizations and fire departments, has confirmed that data belonging to 2.7 million patients was compromised in a ransomware attack on the cloud solutions provider on September 28, 2023.
According to the breach notice posted on ESO’s website, the intrusion occurred on September 28 and resulted in data being exfiltrated before the hackers encrypted a number of company systems.
During the investigation of the incident, ESO Solutions discovered that the attackers accessed one machine that contained sensitive personal data.
Class action lawsuits allege that ESO Solutions did not properly train staff members on data security protocols, failed to detect a breach of its systems and the theft of data in a timely manner, and then failed to issue timely notifications to the affected individuals. The lawsuits also allege that the data security failures violate the Health Insurance Portability and Accountability Act (HIPAA).
As a direct result of those failures, hackers gained access to the plaintiffs’ and class members’ sensitive data. The plaintiffs and class members now face an imminent and ongoing risk of identity theft and fraud, have suffered other injuries as a result of the breach, and have incurred out-of-pocket expenses. The lawsuits seek a jury trial, class action certification, an award of damages, injunctive relief, and attorneys’ fees.
What Information Was Obtained?
On October 23, the company determined that the data breach caused by the ransomware attack impacted patients associated with its customers, including hospitals and clinics in the U.S. The type of data exposed includes the following:
- Full name
- Date of birth
- Phone number
- Patient account/medical record number
- Injury type and date
- Diagnosis information
- Treatment type and date
- Procedure information
- Social Security Number (SSN)
The exact types of data exposed vary per individual, depending on the details the patients provided to the healthcare organizations using ESO’s software and the care services they received.
What Entities Are Affected By The Breach?
As of the time of writing, the following healthcare providers are confirmed to have been impacted by the ESO cyberattack:
- Mississippi Baptist Medical Center
- Community Health Systems Merit Health Biloxi
- Merit Health River Oaks
- ESO EMS Agency
- Forrest Health Forrest General Hospital
- HCA Healthcare Alaska Regional Hospital
- Memorial Hospital at Gulfport Health System
- Providence St Joseph Health (Providence Kodiak Island Medical Center)
- Providence Alaska Medical Center
- Universal Health Services (UHS) Manatee Memorial Hospital
- Desert View Hospital
- Ascension Providence Hospital in Waco
- Tallahassee Memorial
- Manatee Memorial Hospital
- CaroMont Health
The software vendor has informed the FBI and state authorities of the incident. All impacted customers were notified on December 12, and some of the affected hospitals started sending notices of a breach to their patients in the days that followed.
What Is ESO Solutions Doing To Protect My Identity?
To mitigate the risk of the data breach, ESO offers 12 months of identity monitoring service coverage through Kroll to all notice recipients.
Protect Your Identity – Join the ESO Class Action Lawsuit.
If you received a notification letter stating that your identity may be at risk, it is important that you act quickly and that you understand your legal rights and any compensation you may be entitled to. Please fill out the form below and a data breach lawyer will contact you to discuss your claim. There is no charge to you and no obligation on your part.