Millions of people across the U.S. had their information exposed following a ransomware attack on a company that provides software to hospitals and emergency medical services.
The data theft occurred before the gang attempted to encrypt the information.
The company told regulators in Maine that 2.7 million were affected by the data breach.
The FBI is investigating the incident, and ESO was ultimately able to restore its systems and operations thanks to having backups.
The company has also notified the U.S. Department of Health and Human Services' Office for Civil Rights as well as several state attorneys general.
Since its founding in 2004, ESO has provided software to emergency medical service agencies, fire departments, hospitals, state and provincial offices, and federal agencies.
It is unclear if this is a full list of the affected ESO customers or not.
The company did not respond to requests for comment about how many hospitals had information stolen, which ransomware group was behind the incident and whether a ransom was paid.
Victims will be provided with either one or two years of free credit monitoring services from Kroll based on what information was leaked.
Several facilities, including Florida's Manatee Memorial Hospital, released notices to local news outlets about the incident.
The attack caps a devastating year for ransomware incidents involving hospitals and their suppliers.
Last week, a prominent cancer center based in Seattle dealt with ransomware hackers attempting to extort patients, and dental insurance giant Delta Dental of California filed breach notification documents in Maine and California saying nearly 7 million patients were affected by a ransomware gang's attacks on a popular file transfer software this summer.
Ransomware attacks on Westchester Medical Center Health Network, Norton Healthcare, Tri-City Medical Center, Capital Health, Ardent Health Services and Prospect Medical Holdings over the last six months have left dozens of hospitals scrambling to provide patient care amid near-catastrophic technology outages.
Recorded Future - the parent company of The Record - reported at least 19 ransomware attacks on healthcare facilities last month and steep increases in incidents throughout 2023.
A study from University of Minnesota researchers released in October found that ransomware incidents increased the in-hospital mortality for patients admitted to attacked hospitals.
The researchers estimate that from 2016 to 2021 between 42 and 67 Medicare patients died as a result of the outages caused by ransomware attacks.
Cybercriminals target UAE residents, visitors in new info-stealing campaign.
Jonathan has worked across the globe as a journalist since 2014.
Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia.
He previously covered cybersecurity at ZDNet and TechRepublic.
This Cyber News was published on therecord.media. Publication date: Wed, 20 Dec 2023 16:00:13 +0000