ESO Solutions has started notifying 2.7 million individuals that their personal and health information was compromised in a ransomware attack.
The incident occurred on September 28 and forced the company, a data and software provider for emergency responders, hospitals, and state and federal agencies, to take systems offline to contain it.
The attackers, the company says in an incident notice on its website, accessed and encrypted some of its internal systems, which it was able to safely restore using backups.
One of the compromised systems, ESO Solutions says, contained patient information, including names, addresses, phone numbers, and other sensitive personal information and protected health information.
In the notification letter sent to the impacted individuals, a copy of which was submitted to the Maine Attorney General's Office, ESO explains that dates of birth, injury type and date, medical treatment information, patient account and/or medical record number, insurance and payer information, and Social Security numbers might have been exposed in some cases.
SecurityWeek has not seen any ransomware gang taking credit for the attack and ESO does not say whether it paid out a ransom to the attackers.
ESO told the Maine AGO that 2.7 million individuals were impacted by the data breach and that it started mailing out letters to them on December 12.
Of the 2.7 million affected, more than 9,500 were Tallahassee Memorial HealthCare patients, the information of which was stored by ESO to facilitate the provision of services to the not-for-profit community healthcare organization.
Other hospitals and healthcare providers, including Ascension Providence and Manatee Memorial Hospital, are also notifying their patients of the incident.
This Cyber News was published on www.securityweek.com. Publication date: Thu, 21 Dec 2023 12:43:05 +0000