2.7 Million Affected by ESO Solutions Inc. Data Breach

Late last month, ESO Solutions Inc.(“ESO”), a software solutions provider for hospitals, health systems, EMS agencies, and fire departments, confirmed that it fell victim to a ransomware attack in September 2023 that resulted in file encryption, which affected 2.7 million individuals. According to the data breach notice filed with the Attorney General of Main, the breach was first detected on September 28, 2023. The report claims ESO “detected and stopped a sophisticated ransomware incident in which an unauthorized third party accessed and encrypted some of ESO’s computer systems.”

In response to the breach, ESO claims they immediately worked to secure its networks by taking their systems offline. The software company implemented measures to confirm the security of its systems and engaged with a third-party forensic firm to assist in investigating the extent of the unauthorized activity. Eventually it was able to safely restore its systems and operations via “viable backups.” Once up and running, ESO notified the Federal Bureau of Investigation (“FBI”) and has since worked closely with the FBI in its investigation into the attack.

On October 23, 2023, ESO was able to confirm that an unauthorized party accessed portions of its computer system, including files containing confidential patient information. Since this discovery, ESO has taken a closer look into the compromised files to determine what information was leaked and which patients were impacted. According to the report, the breached information varies depending on the individual and may include the following sensitive information:

• Names, 
• Dates of birth, 
• Injury type,
• Injury date, 
• Treatment date, 
• Treatment type,
• Social Security numbers

Since December 12, 2023, ESO Solutions has notified potentially impacted clients on a rolling basis and is offering to support its impacted healthcare customers by offering the services of Kroll, a financial and risk advisory firm, to provide identity monitoring at no cost to impacted individuals for up to 24 months. Then, on December 19, 2023, the ESO Solutions data breach was announced after the company filed notice of the incident with several state governments. 

Who Is Affected by the ESO Solutions Data Breach?

As mentioned, on December 12, 2023, ESO Solutions sent letters notifying those affected by the breach that third-party entities may have accessed their information. However, in its initial report, the facilities impacted by the ESO data breach were not known. Now, according to a recently released report, it has been revealed that the following providers were affected by the breach:

• Ascension Providence Hospital in Waco
• Alaska Regional Hospital
• CaroMont Health
• Desert View Hospital
• ESO EMS Agency
• Forrest General Hospital
• Manatee Memorial Hospital
• Memorial Hospital at Gulfport
• Merit Health Biloxi
• Merit Health River Oaks
• Mississippi Baptist Medical Center
• Providence Alaska Medical Center
• Providence Kodiak Island Medical Center
• Tallahassee Memorial

If you are a registered patient or client under any of the previously listed facilities, your information may have been compromised during the ESO Solutions data breach. For more information, contact a data breach attorney today.  

Who Is ESO Solutions?

ESO Solutions, Inc. was founded in 2004 and is a data and software company headquartered in Austin, Texas. ESO provides software services designed to help hospitals and healthcare systems, like private EMS agencies, fire departments, and state EMS offices, to help improve their operations, quality of care, and patient outcomes. ESO Solutions employs over 500 people and generates roughly $227 million in annual revenue.

What You Can Do To Protect Yourself After the ESO Solutions Data Breach

ESO is currently offering affected individuals up to 24 months of identity protection and has provided a helpline at (866) 347-8525 with representatives who are available to assist you with questions regarding this incident between the hours of 9:00 a.m. to 6:30 p.m. Eastern Time, Monday through Friday. However, after a company has suffered from a data breach, you need to ensure you are taking the necessary steps to secure your personal information. 

In the event your information was accessed due to a breach, you should immediately contact the Social Security Administration, the Internal Revenue Service, the Federal Trade Commission, and the Department of Justice to notify and report suspicious activity under your information, including your name and social security number. Affected individuals also have the option to monitor their credit using online credit reporting tools provided by credit unions like Equifax, Experian, and Transunion, who offer one free credit check a year. 

For more frequent credit monitoring, Intuit Credit Karma grants users daily access and alerts to their credit free of cost. Do not stop there. After your social security number has been stolen due to a data breach, you will want to contact a data breach attorney. You should never have to wonder if the company you entrusted your personal data to is prepared to keep it safe from third-party hackers.

If you suspect that your personal information was compromised due to the ESO Solutions Inc. Data Breach, you can trust a Morgan & Morgan data breach attorney to provide you with the assistance and support you need. To learn more information about the breach or how a data breach attorney can help you, contact Morgan & Morgan by completing our free, no-obligation case evaluation form today.