ESO Solutions, a leading provider of healthcare software products, has announced a significant data breach resulting from a ransomware attack. The breach exposed the personal information of approximately 2.7 million patients associated with ESO's customers, including hospitals and clinics in the United States.

The attack occurred on September 28, with hackers breaching the company's systems and exfiltrating sensitive data before encrypting several machines. ESO Solutions determined that the attackers had accessed one specific machine containing highly sensitive personal information.

The impacted individuals' data varies depending on what information patients provided to the affiliated healthcare organizations using ESO's software and the type of care services they received. The exact nature of the exposed data has not been disclosed.

ESO Solutions wasted no time in responding to the breach, immediately notifying the FBI and relevant state authorities. The company took swift action to notify all impacted customers on December 12, enabling affected hospitals to initiate the process of notifying their patients in the days that followed.

To help mitigate the risks associated with this breach, ESO Solutions is offering 12 months of identity monitoring service coverage through Kroll to all individuals who received notice of the breach.

At this time, no ransomware group has claimed responsibility for the attack on ESO Solutions, leaving investigators and cybersecurity experts searching for clues about the perpetrators.

Unfortunately, this incident is yet another example of supply-chain breaches that have become alarmingly prevalent in the healthcare sector, posing threats to patient data security and the financial stability of medical institutions. Healthcare organizations must remain vigilant in their efforts to safeguard patient information and invest in robust cybersecurity measures to prevent such attacks.

As the investigation continues, ESO Solutions and its customers are urged to take immediate steps to enhance their cybersecurity practices and maintain regular monitoring and risk assessment protocols to ensure the privacy and security of patient data.