EpiSource LLC, a California-based software company for health plans and providers, recently filed a data breach notice with the Attorney General of California. The breach, discovered on February 20, 2023, revealed suspicious activity within EpiSource’s Amazon Web Services (AWS) environment. An unauthorized party accessed confidential consumer data, including names, dates of birth, addresses, phone numbers, medical record numbers, health plan ID numbers, provider information, diagnoses, and medications. The breach impacted sensitive information but did not include Social Security numbers or financial account details.
Following the breach detection, EpiSource took immediate action to contain the incident and engaged an external data security firm to investigate. The unauthorized access occurred between February 19 and February 23, 2023. EpiSource confirmed that some files accessible to the unauthorized party contained sensitive consumer information. The company initiated a comprehensive review to identify the compromised information and affected individuals. On June 2, 2023, EpiSource commenced the notification process, sending data breach letters to all individuals impacted by the security incident.
EpiSource, founded in 2006, specializes in creating software solutions for health plans and providers to manage risk, analytics, program management, gap closure, reporting, and CMS submissions. The company, with over 5,000 employees, generates approximately $1.1 billion in annual revenue. The breach highlights the importance of reinforcing data security measures and follows a trend of increased cybersecurity incidents affecting organizations across various industries.
