Nearly 3 million affected by ransomware attack on medical software firm

Siva Ramakrishnan
Millions of people across the U.S. had their information exposed following a ransomware attack on a company that provides software to hospitals and emergency medical services.

Millions of people across the U.S. had their information exposed following a ransomware attack on a company that provides software to hospitals and emergency medical services.

In documents filed with several state regulators, Austin-based ESO Solutions said it “detected and stopped” a “sophisticated” ransomware attack on September 28 but determined on October 23 that the hackers had still been able to access personal and patient health information located on one of its impacted systems. The data theft occurred before the gang attempted to encrypt the information.

“This incident impacted data belonging to patients associated with ESO’s customers, including certain personal information and medical treatment information. This information included names, dates of birth, injury type, injury date, treatment date, treatment type and, in some cases, social security numbers,” they explained in a breach notification letter first sent out on December 12 and also posted on their website.

The company told regulators in Maine that 2.7 million were affected by the data breach. The FBI is investigating the incident, and ESO was ultimately able to restore its systems and operations thanks to having backups. The company has also notified the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) as well as several state attorneys general.

Since its founding in 2004, ESO has provided software to emergency medical service agencies, fire departments, hospitals, state and provincial offices, and federal agencies.

It did not provide a full list of hospitals and companies affected but noted the hospitals where Maine residents had information stolen:

Mississippi Baptist Medical Center
Merit Health Biloxi
Merit Health River Oaks
Forrest General Hospital
Alaska Regional Hospital
Memorial Hospital at Gulfport
Providence Kodiak Island Medical Center
Providence Alaska Medical Center
Manatee Memorial Hospital
Desert View Hospital

It is unclear if this is a full list of the affected ESO customers or not. The company did not respond to requests for comment about how many hospitals had information stolen, which ransomware group was behind the incident and whether a ransom was paid.

Victims will be provided with either one or two years of free credit monitoring services from Kroll based on what information was leaked.

Several facilities, including Florida’s Manatee Memorial Hospital, released notices to local news outlets about the incident.

The attack caps a devastating year for ransomware incidents involving hospitals and their suppliers.

Last week, a prominent cancer center based in Seattle dealt with ransomware hackers attempting to extort patients, and dental insurance giant Delta Dental of California filed breach notification documents in Maine and California saying nearly 7 million patients were affected by a ransomware gang’s attacks on a popular file transfer software this summer.

Ransomware attacks on Westchester Medical Center Health Network, Norton Healthcare, Tri-City Medical Center, Capital Health, Ardent Health Services and Prospect Medical Holdings over the last six months have left dozens of hospitals scrambling to provide patient care amid near-catastrophic technology outages.

Recorded Future — the parent company of The Record — reported at least 19 ransomware attacks on healthcare facilities last month and steep increases in incidents throughout 2023.

A study from University of Minnesota researchers released in October found that ransomware incidents increased the in-hospital mortality for patients admitted to attacked hospitals. The researchers estimate that from 2016 to 2021 between 42 and 67 Medicare patients died as a result of the outages caused by ransomware attacks.

Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.


Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

Cybercriminals target UAE residents, visitors in new info-stealing campaign

Next Post

Indian tech giant HCL investigating ransomware attack

Related Posts

Python’s PyPI Reveals Its Secrets

GitGuardian is famous for its annual State of Secrets Sprawl report. In their 2023 report, they found over 10 million exposed passwords, API keys, and other credentials exposed in public GitHub commits. The takeaways in their 2024 report did not just highlight 12.8 million new exposed secrets in GitHub, but a number in the popular Python package repository PyPI. PyPI,
Read More