Healthcare Software Company Notifies 2.7M Individuals of Data Breach

ESO Solutions suffered a ransomware attack in which an unauthorized third party encrypted some of its computer systems, resulting in a data breach.

ESO Solutions, a healthcare software company, notified 2.7 million individuals of a data breach caused by a September 2023 ransomware attack against its systems. ESO Solutions provides software to hospitals, emergency medical services, fire departments, and state and federal agencies.

According to its breach notice, ESO detected a ransomware attack on September 28, 2023 and immediately took affected systems offline and engaged specialists. Further investigation determined that an unauthorized party had encrypted some of ESO’s computer systems and acquired sensitive data in the process.

“Please know that we have taken all reasonable steps to prevent the data from being further published or distributed, and have notified and are working with federal law enforcement to investigate,” ESO stated.

The impacted systems contained patient names, phone numbers, addresses, and some protected health information. ESO offered complimentary credit monitoring and identify theft protection services to the impacted individuals.

ESO assured impacted individuals that it had secured the deletion of all impacted data and restored its systems and operations thanks to data backups.

Cardiovascular Consultants Breach Impacts 484K

Arizona-based Cardiovascular Consultants Ltd. (CVC) recently notified 484,000 individuals of a data breach. On September 29, 2023, CVC learned that some of its computer systems were being impacted by a cyber incident.

CVC later determined that an unauthorized party had accessed certain systems and encrypted and stolen information.

The information on the impacted systems included patient names, Social Security numbers, insurance policy information, treatment information, mailing addresses, demographic information, and billing records. The systems also contained information about patient guarantors and insurance policyholders.

CVC provided impacted patients with identity theft protection and credit monitoring services and implemented additional security measures to prevent future incidents.

HealthEC Suffers Data Breach

HealthEC (HEC), a New Jersey-based population health management company, notified 112,000 individuals of a data breach that occurred in 2023. HEC launched an investigation into suspicious network activity and determined that an unknown actor had accessed certain systems between July 14 and July 23, 2023.

During that time, the unauthorized actor copied certain files containing patient names, dates of birth, medical information, and health insurance information. HEC engaged with law enforcement and remediated impacted systems to mitigate further risk.

In addition, HEC offered credit monitoring to the impacted individuals.  

Next Steps

Dig Deeper on Healthcare data breaches