Security News Healthcare software provider data breach impacts 2.7 million


Level 78
Thread author
Honorary Member
Top Poster
Content Creator
Apr 24, 2016
ESO Solutions, a provider of software products for healthcare organizations and fire departments, disclosed that data belonging to 2.7 million patients has been compromised as a result of a ransomware attack.

According to the notification, the intrusion occurred on September 28 and resulted in data being exfiltrated before the hackers encrypted a number of company systems.

During the investigation of the incident, ESO Solutions discovered that the attackers accessed one machine that contained sensitive personal data.

On October 23, the company determined that the data breach caused by the ransomware attack impacted patients associated with its customers, including hospitals and clinics in the U.S. The type of data exposed includes the following:
  • Full name
  • Dates of birth
  • Phone number
  • Patient account/medical record number
  • Injury type and date
  • Diagnosis information
  • Treatment type and date
  • Procedure information
  • Social Security Number (SSN)
The exact types of data exposed vary per individual, depending on the details the patients provided to the healthcare organizations using ESO’s software and the care services they received.

The software vendor has informed the FBI and state authorities of the incident. All impacted customers were notified on December 12, and some of the affected hospitals started sending notices of a breach to their patients in the days that followed.

“At this time, we do not have evidence that your information has been misused,” reads the notification to impacted patients.

To mitigate the risk of the data breach, ESO offers 12 months of identity monitoring service coverage through Kroll to all notice recipients.

Jonny Quest

Level 17
Top Poster
Mar 2, 2023
It's bad enough that an individuals medical information is exposed then add the exposure of our Social Security #, it's nuts. Corporations have to be held responsible or they will never take it seriously.
Exactly what I was thinking. When I saw the list, that's what I scrolled down to see, if the SS numbers were involved. And it seems that most of these healthcare providers, unfortunately, need our SS numbers.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.