A cyberattack on U.S.-based healthcare services company Episource has led to a data breach affecting the personal and medical information of over 5.4 million individuals. Episource
specializes in risk adjustment, clinical data analytics, and medical record review for health plans and providers, particularly those in the Medicare Advantage, Medicaid, and ACA markets.
The company detected unusual activity in its systems on February 6, 2025. An investigation revealed that a threat actor had gained access to and copied data over a 10-day period from January 27 to February 6. In response, Episource took its systems offline, launched a detailed investigation with cybersecurity experts, and notified law enforcement. As of now, the company has not received any reports of misuse related to the exposed information.
According to a breach notification posted on its website, Episource stated, “We quickly took steps to stop the activity, began investigating right away, and turned off our computer systems to protect the customers we work with and their patients and members.”
The compromised data varied by individual and may include contact information (such as name, address, phone number, and email), as well as:
- Personal identifiers, including Social Security numbers (in limited instances) and dates of birth
- Health insurance information, including policy details, member and group IDs, and government-issued Medicaid or Medicare identifiers
- Health records, including medical record numbers, provider names, diagnoses, prescriptions, test results, imaging, and treatment details
Notifications to affected customers began on April 23, 2025, with personalized details about the specific data involved in each case.
While financial information appears to have been largely unaffected, Episource recommends that impacted individuals monitor their health, financial, and tax records for any signs of suspicious activity and report concerns to appropriate institutions.
This incident is part of a broader trend of cyberattacks targeting healthcare organizations. In April, Yale New Haven Health System also confirmed a breach affecting 5.5 million patients after a separate cyberattack. YNHHS is Connecticut’s largest healthcare provider and operates a wide range of medical facilities and services across the state.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
