Major US healthcare data provider hit by data breach – over 5 million patients affected, here’s what we know
- Episource confirms cyberattack with patient data stolen
- The theft happened in late January 2025, and includes policy and MedicAid information
- Customers are urged to remain vigilant
American healthcare data giant Episource has confirmed suffering a cyberattack in which it lost sensitive data on more than five million people.
In a data breach notification published on the company’s website, it said the intrusion was spotted on February 6, 2025, and after shutting down the IT network, bringing in third-party forensics experts, and notifying law enforcement, the company learned the miscreants took “copies of some data” between January 27 and February 6, 2025.
The data includes health plans/policies, insurance companies, member/group ID numbers, and Medicaid-Medicare-government payor ID numbers. It also includes health data such as medical record numbers, doctors, diagnoses, medicines, test results, images, care, and treatment, as well as other personal data such as dates of birth or Social Security numbers (SSN).
Increasing credibility
Cybercriminals often target healthcare organizations for their data, since it can be abused in phishing, identity theft, and other forms of scams.
Crooks can use the data to craft personalized, convincing emails, which can trick the victims into downloading malware or sharing login credentials.
At the same time, Episource filed a new report with the US Department of Health and Human Services Office for Civil Rights’ breach portal, confirming exactly 5,418,866 people were affected by this attack.
The company began notifying them on April 23, 2025, it was said. It did not state which providers it’s notifying, but stressed that not everyone was impacted by the attack.
Episource is a healthcare data and technology company that helps health plans manage risk adjustment, quality measurement, and clinical data through analytics, coding, and technology solutions.
It is urging impacted individuals to stay vigilant, and watch out for potential impersonation and scam attempts.
Via BleepingComputer
More from TechRadar Pro
Episource confirms cyberattack with patient data stolen The theft happened in late January 2025, and includes policy and MedicAid information Customers are urged to remain vigilant American healthcare data giant Episource has confirmed suffering a cyberattack in which it lost sensitive data on more than five million people. In a…
