Disclosure Regarding ESO Inc. Breach and Patient Information
December 12, 2023Tallahassee Memorial HealthCare (TMH) is providing notice of a cybersecurity incident involving a contracted vendor that included certain patients’ personal identifiable information and personal health information.
On September 28, 2023, ESO Solutions, Inc. (ESO) in Austin, Texas, detected and stopped a sophisticated cybersecurity incident, in which an unauthorized third party accessed and encrypted some of ESO’s computer systems. ESO immediately took its affected systems offline, secured its network environment and engaged third-party forensic specialists to assist with the investigation.
TMH has a business associate agreement with ESO related to the transfer of patient data to the state of Florida and the Florida Trauma Registry. State law requires TMH, as a trauma center, to maintain a comprehensive database of all injured patients treated in the hospital because of a traumatic injury. ESO provides software services that help hospitals improve operations, quality and patient outcomes. For this reason, ESO has certain individuals’ information from when TMH provided emergency care to them in the past.
While this incident did not occur on TMH servers and did not impact TMH computer systems or operations, it affected 9,566 TMH patients. ESO is a valued partner and has coordinated with TMH to begin providing notice to all patients for whom there are verifiable mailing addresses and resources so potentially impacted individuals can protect themselves.
The investigation determined that the unauthorized third party may have acquired some personal data. The impacted data varied by individual, but it may have contained personal information, including names, phone numbers, addresses and some sensitive personal information and/or protected health information.
ESO is mailing letters to affected individuals for whom it has verifiable addresses and is offering notice and information on its website. While, to date, ESO is unaware of any misuse of the involved information, as a precaution, ESO is offering complimentary credit monitoring and identity theft protection services to individuals whose information may have been impacted.
ESO and TMH value the security of the data they maintain and understand the concern and inconvenience that this incident may have caused. ESO continues to build on its already substantial investments in cybersecurity to prevent an incident like this from reoccurring and protect information now and in the future.
For More Information from ESO
Representatives are available to assist you with questions regarding this incident, between the hours of 9 am to 6:30 pm, Eastern Time, Monday through Friday, excluding holidays. Please call the help line at (866) 347-8525 with any questions you may have.
On behalf of ESO, please accept our sincere apology for this incident and any inconvenience it may cause you. We value the security of the protected health information and personal information that we maintain, and understand the frustration, concern, and inconvenience that this incident may have caused.
For more information on this incident, please visit the ESO website at https://www.eso.com/notice-of-cybersecurity-incident/.