ESO Solutions, a texas based medical software solution company, has suffered a ransomware attack that has exposed personal details and healthcare information belonging to 2.7 million U.S. patients.
ESO Solutions has informed the state regulators that it “detected and stopped a sophisticated ransomware incident” on Sept. 28, but not before the attackers were able to encrypt some of the company’s systems. FBI investigation determined, on Oct. 23, that personal data on one of its affected systems had been exfiltrated during the breach.
The tactic of exfiltrating data during a ransomware attack is known as double extortion. It is meant to maximize the financial gain of the attack. Victims who refuse to pay a ransom, to decrypt their data, are then threatened that their data will be publicly released or sold if they don’t pay. This puts pressure on victims to pay or risk exposing organizations to reputational damage, legal consequences, and regulatory fines.
It’s unclear from ESO Solutions disclosure if attackers made specific threats to release portions of the medical records as a consequence to not paying the ransom. The company had found no evidence that impacted information has been misused.
Hospitals who use ESO’s software have also notified patients that their information has been compromised.
“We encourage all individuals to remain vigilant and to regularly review and monitor relevant account statements and credit reports and report suspected incidents of identity theft to local law enforcement, your state’s Attorney General, or the Federal Trade Commission,”
The personal data exposed through the attack varied from individual to individual but included names, phone numbers, addresses, social security numbers, and medical details including injury, diagnosis and treatment information. ESO is offering those affected free access to an identity monitoring service.
Healthcare organizations are becoming increasingly sweet spots for threat actors.
