Massive Data Breach Hits 2.7 Million: Healthcare Software Provider’s Security Nightmare

A cyberattack on healthcare software provider Adapthealth has exposed the data of 27 million people, including patients and employees. The breach involves sensitive information, including names, addresses, and Social Security numbers. Adapthealth has offered free credit monitoring and identity theft protection to the affected individuals.

Imagine this: you go to the hospital for a minor injury, provide your personal information, and receive the necessary care. Later, you find out that your sensitive data has been exposed in a massive data breach affecting 2.7 million patients. This is the reality for many as a result of a ransomware attack on ESO Solutions, a provider of software products for healthcare organizations and fire departments.

The Attack and Its Aftermath

The intrusion occurred on September 28, and the attackers exfiltrated data before encrypting several company systems. During its investigation, ESO Solutions discovered that the attackers had accessed one machine containing sensitive personal data. By October 23, the company determined that the data breach caused by the ransomware attack impacted patients associated with its customers, including hospitals and clinics in the U.S.

The type of data exposed varies per individual but may include:

  • Full name
  • Date of birth
  • Phone number
  • Patient account/medical record number
  • Injury type and date
  • Diagnosis information
  • Treatment type and date
  • Procedure information
  • Social Security Number (SSN)

It all depends on the information patients provided to the healthcare organizations using ESO’s software and the care services they received.

Notifying the Authorities and Affected Parties

ESO Solutions has informed the FBI and state authorities of the incident. All impacted customers were notified on December 12, and some of the affected hospitals began sending notices of the breach to their patients in the days that followed.

While there is currently no evidence that the exposed information has been misused, ESO is offering 12 months of identity monitoring service coverage through Kroll to all notice recipients as a precaution.

Healthcare Providers Impacted by the Attack

As of writing, the following healthcare providers are confirmed as impacted by the ransomware attack at ESO:

  1. Mississippi Baptist Medical Center
  2. Community Health Systems Merit Health Biloxi
  3. Merit Health River Oaks
  4. ESO EMS Agency
  5. Forrest Health Forrest General Hospital
  6. HCA Healthcare Alaska Regional Hospital
  7. Memorial Hospital at Gulfport Health System
  8. Providence St Joseph Health (Providence Kodiak Island Medical Center)
  9. Providence Alaska Medical Center
  10. Universal Health Services (UHS) Manatee Memorial Hospital
  11. Desert View Hospital
  12. Ascension Providence Hospital in Waco
  13. Tallahassee Memorial
  14. Manatee Memorial Hospital
  15. CaroMont Health

At the moment, no ransomware group has taken responsibility for the ESO attack.

The Growing Threat of Supply-Chain Breaches in Healthcare

Unfortunately, these supply-chain breaches have become all too common in the healthcare space, impacting patient data safety and threatening the operational and financial stability of medical institutions. This incident is a stark reminder of the importance of robust cybersecurity measures in protecting sensitive information.

What You Can Do

As a concerned individual or organization, it’s crucial to stay informed about cybersecurity threats and best practices. Don’t hesitate to contact us for more information on how to protect your data and stay ahead of cyber threats. Remember, knowledge is power – and in the realm of cybersecurity, it can make all the difference.
