Patient data stolen in ransomware attack affecting millions of healthcare victims

ransomware avast
(Image credit: Avast)

A company building software for hospitals, EMS, and firefighters has suffered a ransomware attack and a data breach that may have affected 2.7 million patients in the US.

ESO Solutions disclosed the breach earlier this week. Apparently, it happened in late September 2023, when an unidentified threat actor accessed one company machine that contained sensitive personal data. The company didn’t detail how the hackers accessed the endpoint - if it was due to social engineering or malware.

ESO Solutions’ customers include healthcare organizations, clinics, and hospitals in the US. Among the victims are Mississippi Baptist Medical Center, Community Health Systems Merit Health Biloxi, Merit Health River Oaks, ESO EMS Agency, Forrest Health Forrest General Hospital, HCA Healthcare Alaska Regional Hospital, Memorial Hospital at Gulfport Health System, and many others. 

No abuse yet

These hospitals gathered information provided by their patients and the service they would receive. The data the hackers stole includes people’s full names, birth dates, phone numbers, patient accounts and medical record numbers, injury information, diagnoses, treatment types, procedure information, and Social Security Numbers.

The company notified the FBI and state police of the cyberattack. The customers were notified earlier this month and were offered 12 months of identity monitoring services through Kroll. “At this time, we do not have evidence that your information has been misused,” the company allegedly told the victims in a notification letter. 

Usually, when a ransomware group steals the data and encrypts the systems, they reach out to the victims and try to negotiate a ransom payment in exchange for the data and the decryption key. However, in this instance, no hackers have yet claimed responsibility for the attack.

When negotiations break down, hackers often leak the data online or try to sell it to a different threat actor who could then use it in phishing attacks and similar.

Via BleepingComputer

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.