A ransomware attack occurred against ESO Solutions, a significant software provider for emergency services and healthcare.
This incident resulted from unauthorised data access and system encryption across many enterprise platforms.
Depending on the information patients have shared with their healthcare providers using ESO's software, a range of personal data was exposed in the hack. Among the compromised data are: complete names dates of birth Numbers to call Numbers for patient accounts and medical records Details of the injury, diagnosis, treatment, and procedure, and Social Security numbers.
It was established that patient data connected to U.S. hospitals and clinics that ESO serves as a client was compromised.
All notified parties will receive a year of identity monitoring services from Kroll through ESO to assist in reducing risks.
Source: https://heimdalsecurity.com/blog/major-data-breach-at-eso-solutions-affects-2-7-million-patients/
TPRM report: https://scoringcyber.rankiteo.com/company/caromont-health
"id": "car8525124",
"linkid": "caromont-health",
"type": "Ransomware",
"date": "10/2023",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'U.S. hospitals and clinics',
'industry': 'Healthcare',
'name': 'ESO Solutions',
'type': 'Software Provider'}],
'attack_vector': 'Unauthorised data access and system encryption',
'data_breach': {'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['complete names',
'dates of birth',
'phone numbers',
'patient account numbers',
'medical records',
'details of the injury, '
'diagnosis, treatment, and '
'procedure',
'Social Security numbers']},
'description': 'A ransomware attack occurred against ESO Solutions, a '
'significant software provider for emergency services and '
'healthcare. This incident resulted from unauthorised data '
'access and system encryption across many enterprise '
'platforms. Depending on the information patients have shared '
"with their healthcare providers using ESO's software, a range "
'of personal data was exposed in the hack. Among the '
'compromised data are: complete names, dates of birth, phone '
'numbers, patient account numbers, medical records, details of '
'the injury, diagnosis, treatment, and procedure, and Social '
'Security numbers. It was established that patient data '
'connected to U.S. hospitals and clinics that ESO serves as a '
'client was compromised. All notified parties will receive a '
'year of identity monitoring services from Kroll through ESO '
'to assist in reducing risks.',
'impact': {'data_compromised': ['complete names',
'dates of birth',
'phone numbers',
'patient account numbers',
'medical records',
'details of the injury, diagnosis, treatment, '
'and procedure',
'Social Security numbers'],
'identity_theft_risk': 'Moderate',
'systems_affected': 'many enterprise platforms'},
'ransomware': {'data_encryption': 'Yes'},
'response': {'communication_strategy': 'Notified parties will receive a year '
'of identity monitoring services from '
'Kroll through ESO',
'third_party_assistance': 'Kroll'},
'title': 'Ransomware Attack on ESO Solutions',
'type': 'Ransomware Attack'}