ESO Solutions, Inc.

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

ESO Solutions, Inc., a provider of software solutions for hospitals, health systems, EMS agencies, and fire departments, experienced a significant data breach following a ransomware attack that occurred on September 28, 2023. The breach affected approximately 2.7 million individuals, with the attackers gaining access to and encrypting certain internal systems of the company[1][2][3][4][5][6][7][8][9][10][11][12][13][14][15].

The compromised data varied by individual but may have included names, addresses, phone numbers, dates of birth, Social Security numbers, injury types and dates, treatment dates and types, patient account and/or medical record numbers, insurance and payer information, and other sensitive personal and protected health information[1][2][3][4][9][10][12].

ESO Solutions detected the suspicious activity within its network on September 28, 2023, and took immediate action to isolate its systems and prevent further unauthorized access. The company engaged third-party digital forensics experts to investigate the attack and determine the extent of the unauthorized access. The forensics team confirmed on October 23, 2023, that the attackers had access to parts of the network containing personal and protected health information[1][4].

The attack was reported to the Federal Bureau of Investigation, and ESO Solutions has cooperated with the FBI during the investigation. Although a ransom demand was issued by the attackers, ESO Solutions was able to recover the encrypted files from backups and did not indicate whether a ransom was paid. The company began mailing notification letters to affected individuals on December 12, 2023, and offered complimentary credit monitoring and identity theft protection services through Kroll[1][2][7][8].

Several healthcare organizations were known to have been affected by the breach, including Ascension Providence Hospital in Waco, Baptist Memorial Health Care System, CaroMont Health, Community Health Systems, ESO EMS Agency, Forrest Health, HCA Healthcare, Memorial Hospital at Gulfport Health System, Providence St Joseph Health, Tallahassee Memorial HealthCare, Universal Health Services, and Valley Health System, among others[1][2][3][9][10].

In response to the breach, class action lawsuits have been filed against ESO Solutions, alleging that the company failed to implement reasonable and appropriate industry-standard security measures, did not properly train staff members on data security protocols, failed to detect the breach in a timely manner, and did not issue timely notifications to affected individuals. The lawsuits seek a jury trial, class action certification, damages, injunctive relief, and attorneys’ fees[1].

ESO Solutions is headquartered in Austin, Texas, and was founded in 2004. The company employs over 500 people and generates approximately $227 million in annual revenue[10][12].

Citations:

  1. https://www.hipaajournal.com/eso-solutions-data-breach/
  2. https://www.securityweek.com/eso-solutions-data-breach-impacts-2-7-million-individuals/
  3. https://www.rgj.com/story/news/money/business/2024/01/03/eso-data-breach-impacts-northern-nevada-medical-center-sparks-reno/72088950007/
  4. https://www.jdsupra.com/legalnews/eso-solutions-data-breach-update-eso-6676886/
  5. https://apps.web.maine.gov/online/aeviewer/ME/40/bd939a31-70fd-4f7c-99cf-d6b87906489f.shtml
  6. https://tuxcare.com/blog/eso-solutions-healthcare-data-breach-impacts-2-7-million/
  7. https://www.tmh.org/news/2023/disclosure-regarding-eso-inc-breach-and-patient-information
  8. https://healthitsecurity.com/news/healthcare-software-company-notifies-2.7m-individuals-of-data-breach
  9. https://www.bleepingcomputer.com/news/security/healthcare-software-provider-data-breach-impacts-27-million/
  10. https://www.forthepeople.com/blog/27-million-affected-eso-solutions-inc-data-breach/
  11. https://phishingtackle.com/articles/eso-solutions-hit-by-major-ransomware-attack-impacting-2-7-million-patients/
  12. https://www.jdsupra.com/legalnews/eso-solutions-files-notice-of-data-6401033/
  13. https://www.paubox.com/news/eso-solutions-announces-data-breach-impacting-15-hospitals
  14. https://www.msdlegal.com/blog/2023/12/eso-solutions-inc-data-breach-class-action-lawsuit-investigation/
  15. https://www.myinjuryattorney.com/eso-solutions-data-breach-class-action-investigation-and-lawsuit-assistance/
Breach Submission Date Dec 18, 2023
Converted Entity Name ESO Solutions, Inc.
Converted Entity Type Business Associate
State TX
Individuals Affected 2,700,000
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes