Third Party Security Incident - ESO Solutions, Inc. - December 13, 2023
Maintaining the privacy and security of our patients' information is important to Ascension. On November 6, 2023, we received notice from ESO Solutions, Inc. (“ESO”) - a third-party partner that provides software to Ascension - of a security incident involving ransomware that affected their systems. Importantly, this incident did not involve Ascension systems, networks, or electronic health records. Ascension Texas (Seton, Providence) and Florida (Sacred Heart) were impacted by this incident.
On September 28, 2023, ESO detected and stopped a ransomware incident, in which an unauthorized third party accessed and encrypted some of ESO’s computer systems. ESO immediately took the affected systems offline, secured the network environment, and engaged third-party forensic specialists to assist with investigating the extent of any unauthorized activity. ESO’s investigation determined that the unauthorized third party may have acquired some personal data during this incident and notified Ascension of those impacted individuals. ESO states they have taken all reasonable steps to ensure the impacted data will not be further published or distributed, and have notified and are working with federal law enforcement to investigate.
Ascension information impacted by the incident included the following (Note: not all individuals would have all information listed affected): name, phone number, address, medical record or account number, Social Security number, insurance and payer information, and treatment-related information such as injury and diagnosis information, procedure type.
Ascension has worked with ESO to notify impacted individuals and has provided credit and identity theft protection services to those with Social Security numbers affected. Although there is no evidence to date that information has been misused, individuals were advised to remain vigilant against incidents of identity theft and fraud, review account statements, and monitor free credit reports for suspicious activity and to detect errors.
You can read more about the incident on ESO’s website here: https://www.eso.com/notice-of-cybersecurity-incident/.
If you have additional questions, please contact the dedicated assistance line toll-free at 866-347-8525 Monday through Friday, between 8:00 a.m. and 5:30 p.m., Central Time, excluding major U.S. holidays.