Millions of people across the U.S. had their information exposed in a ransomware attack on Austin-based ESO Solutions, a provider of software to hospitals and emergency medical services.
In documents filed with state regulators, ESO Solutions said it “detected and stopped” a “sophisticated” ransomware attack on September 28. They subsequently discovered on October 23 that the hackers had in fact accessed and taken client health PPI located on one of the impacted systems. The data theft occurred before the gang encrypted “some of its computer systems.”
“This incident impacted data belonging to patients associated with ESO’s customers, including certain personal information and medical treatment information. This information included names, dates of birth, injury type, injury date, treatment date, treatment type and, in some cases, social security numbers,” ESO stated in the breach notification and posted on their website.
ESO told regulators in Maine that 2.7 million people were affected by the data breach. They were able to restore systems and operations thanks to having backups. The company also notified the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) as well as several state attorneys general.
The Maine AG notification confirmed the following healthcare providers as impacted in the ransomware attack:
- Mississippi Baptist Medical Center
- Community Health Systems Merit Health Biloxi
- Merit Health River Oaks
- ESO EMS Agency
- Forrest Health Forrest General Hospital
- Alaska Regional Hospital
- HCA Healthcare Alaska Regional Hospital
- Memorial Hospital at Gulfport Health System
- Providence St Joseph Health (Providence Kodiak Island Medical Center)
- Providence Alaska Medical Center
- Universal Health Services (UHS) Manatee Memorial Hospital
- Desert View Hospital
- Manatee Memorial Hospital
- Ascension Providence Hospital in Waco
Jan Lovmand, CTO, BullWall had this comment:
“Ransomware attacks on hospitals have become a serious threat to public health and safety. These attacks not only disrupt the delivery of essential medical services, postponing critical surgeries and treatments and putting patients’ lives at risk, but also compromise the security of sensitive patient information. The impact of these attacks can be, as they can leave hospitals struggling to recover their data and regain control of their systems. Whether the ransom is paid or not, the costs in dollars and lost patient care severely cripple these already struggling institutions.
“Hospitals and healthcare organizations are particularly attractive targets for cybercriminals, and their reliance on technology to manage everything from patient records to surgical equipment makes them uniquely vulnerable. This is compounded by their limited resources to invest in cybersecurity measures. But with ransomware continuing to be a significant threat to these organizations, investments must be made to contain these attacks, eliminating the need to resort to a complete shutdown of IT systems, and healthcare services.”
“The threat of cyber attacks on the healthcare sector is greater than it’s ever been, and this includes all downstream providers, as was the case with ESO Solutions. Attackers often consider these supply chain providers to be easier targets than the hospitals themselves.
“The numbers show empirically that the growth of successful Ransomware Attacks on all healthcare providers is growing faster than any other industry. This is in part due to a shift to the threat landscape. Ransomware attacks have seen a 700% increase in the last year in double extortion. The threat actor not only encrypts the data and then extorts you for the decryption key, but they also exfiltrate the data and threaten to release it if you don’t pay a ransom. This attack on ESO Solutions saw attackers first exfiltrate the data and then perform encryption of systems.
“A patient’s complete medical history is among the most sensitive data to a person that exists. The tried-and-true preventive solutions are still a must: next gen endpoint security, Multifactor Authentication, Zero Trust and the like. However, no defensive stack can be 100% effective. With a determined threat actor and such a sprawling attack surface it is not “if” you’ll be hit, it’s “when”. Instead of just relying on prevention to stop an attack they also need to plan for the inevitable. They need to have Ransomware Containment that can contain a Ransomware Attack once it starts hitting the critical infrastructure, and they need disaster plans, business continuity plans and air-gapped backups.”
This is bad. And in 2024 it is highly likely that we will see events like this, or worse. And that is beyond bad.
Happy new year.
This entry was posted on December 29, 2023 at 8:08 am and is filed under Commentary with tags Hacked.
Nearly 3 Million Have Been Affected By A Ransomware Attack On Medical Software Firm