tl;dr
Episource, a healthcare technology company, experienced a data breach affecting approximately 5.4 million people. Cybercriminals accessed sensitive personal and health information, including health insurance details, medical records, and personal identifiers such as Social Security numbers. The brea...
A healthcare technology company, Episource, has warned millions of Americans of a major data breach impacting approximately 5.4 million individuals. The breach, discovered on February 6, 2025, involved unauthorized access to company computer systems by cybercriminals who copied sensitive personal and health-related information.
Data exposed in the hack includes a range of health insurance details such as health plans and policy information, insurance company identifiers, member and group ID numbers, and Medicaid-Medicare payor IDs. Additionally, medical records containing diagnoses, test results, physician information, and medical images were compromised. Personal identifiers like birthdays and Social Security numbers were also accessed.
Upon detection of unusual system activity, Episource promptly halted operations to contain the breach, launched an internal investigation, engaged a specialized cybersecurity team, and notified law enforcement agencies. According to statements, the company remains unaware of any misuse of the stolen data to date.
While Episource did not specify the exact method of intrusion, one client, Sharp HealthCare, described the incident as a ransomware attack. In response, Episource is implementing enhanced security measures to strengthen its computer systems and prevent future breaches. It is also offering two years of complimentary credit monitoring and identity theft protection to all affected clients.