A significant data breach at California-based Episource, a technology firm providing services to the healthcare industry, has compromised the personal and medical information of over 5.4 million people. Discovered in early February, the breach involved hackers copying files from Episource’s systems between January 27 and February 6. The stolen data is extensive, encompassing highly sensitive details such as Social Security numbers, health insurance and Medicaid-Medicare ID numbers, and comprehensive medical records, including diagnoses, test results, and treatment information. Law enforcement has been involved in the investigation, and Episource temporarily shut down its computer systems to mitigate the impact.
Episource, which specializes in medical coding and risk adjustment services for healthcare providers and health plans, is coordinating with its customers to notify all affected individuals.
The victims of this breach are either patients who received services from doctors using Episource’s tools or members of health plans that utilize their services. The company has advised victims to diligently monitor their benefit statements for any unauthorized charges and has established a dedicated call line for inquiries. Some of Episource’s customers, such as Sharp Healthcare, have also issued their own breach notifications.
This is not Episource’s first encounter with a data breach, as the company experienced a similar incident in 2023 where a comparable range of sensitive information was leaked. The recurring nature of these security compromises raises concerns about the firm’s cybersecurity posture.
The situation is further complicated by Episource’s acquisition in 2023 by Optum, a healthcare giant under UnitedHealth.
Notably, Optum itself was at the center of a massive cybersecurity incident last year, where its subsidiary Change Healthcare was hit by a ransomware attack in February, leading to the exposure of sensitive healthcare information belonging to an astounding 190 million people. This broader context highlights the increasing vulnerability of the healthcare industry to sophisticated cyberattacks and underscores the interconnectedness of data security within large healthcare ecosystems.
Reference: