By HFT Staff

Tallahassee Memorial HealthCare (TMH) is providing notice of a cybersecurity incident involving a contracted vendor that included certain patients’ personal identifiable information and personal health information. 

On September 28, 2023, ESO Solutions, Inc. (ESO) in Austin, Texas, detected and stopped a sophisticated cybersecurity incident, in which an unauthorized third party accessed and encrypted some of ESO’s computer systems. ESO immediately took its affected systems offline, secured its network environment and engaged third-party forensic specialists to assist with the investigation. 

TMH has a business associate agreement with ESO related to the transfer of patient data to the state of Florida and the Florida Trauma Registry. State law requires TMH, as a trauma center, to maintain a comprehensive database of all injured patients treated in the hospital because of a traumatic injury. ESO provides software services that help hospitals improve operations, quality and patient outcomes. For this reason, ESO has certain individuals’ information from when TMH provided emergency care to them in the past. 

While this incident did not occur on TMH servers and did not impact TMH computer systems or operations, it affected 9,566 TMH patients. ESO is a valued partner and has coordinated with TMH to begin providing notice to all patients for whom there are verifiable mailing addresses and resources so potentially impacted individuals can protect themselves. 

The investigation determined that the unauthorized third party may have acquired some personal data. The impacted data varied by individual, but it may have contained personal information, including names, phone numbers, addresses and some sensitive personal information and/or protected health information. 

ESO is mailing letters to affected individuals for whom it has verifiable addresses and is offering notice and information on its website. While, to date, ESO is unaware of any misuse of the involved information, as a precaution, ESO is offering complimentary credit monitoring and identity theft protection services to individuals whose information may have been impacted.