Episource warns of a data breach after hackers stole well being data of over 5 million individuals in the USA in a January cyberattack.
Episource is an American healthcare companies firm that gives danger adjustment, medical coding, knowledge analytics, and expertise options to well being plans and suppliers. They assist insurers optimize funds and compliance in authorities applications like Medicare Benefit.
In a data breach notification on its web site, Episource says it detected uncommon exercise on its methods on February 6, 2025. An investigation revealed that hackers accessed and exfiltrated delicate knowledge saved on these methods between January 27 and the time of the invention.
“We discovered from our investigation {that a} cybercriminal was capable of see and take copies of some knowledge in our pc methods,” explains Episource.
“This occurred between January 27, 2025 and February 6, 2025. To this point, we aren’t conscious of any misuse of the info.”
The uncovered knowledge diversified per particular person however might embody a number of of the next knowledge varieties:
- Full identify
- Bodily deal with
- Electronic mail deal with
- Telephone quantity
- Insurance coverage plan data
- Medicaid ID and data
- Medical document particulars (diagnoses, take a look at outcomes, drugs, photos, therapies)
- Date of delivery
- Social Safety quantity (SSN)
The assertion underlines that no banking or fee card data has been uncovered as a consequence of this incident.
A submitting on the U.S. Division of Well being and Human Companies Workplace for Civil Rights’s breach portal says the cyberattack impacted 5,418,866 individuals.
Though Episource has begun notifying impacted people since April 23, 2025, the variety of uncovered individuals was submitted to the authorities on June 6 and printed yesterday.
Episource serves a number of healthcare suppliers and insurers, and the info uncovered on this incident comes from these purchasers.
The discover doesn’t identify any particular suppliers whose knowledge was concerned, and Episource says not all of its purchasers had been impacted by this incident.
The notifications despatched to affected sufferers are on behalf of Episource’s purchasers, so these individuals won’t be receiving separate notices from the suppliers.
Impacted people are suggested to remain vigilant in opposition to unsolicited communications, evaluate their advantages assertion for companies they did not obtain, and monitor financial institution and bank card statements for suspicious exercise.
Patching used to imply advanced scripts, lengthy hours, and limitless hearth drills. Not anymore.
On this new information, Tines breaks down how fashionable IT orgs are leveling up with automation. Patch sooner, cut back overhead, and concentrate on strategic work — no advanced scripts required.
