Episource, a healthcare services company specializing in medical coding and risk adjustment, discovered the breach on February 6th, 2025, after noticing unusual activity within its systems. An investigation revealed that attackers had likely infiltrated its systems between January 27th and February 6th, gaining access to and potentially copying sensitive data. In response, Episource promptly shut down its computer systems to mitigate further exposure and has since notified all impacted clients about the incident, which affected 5,418,866 individuals according to the US Department of Health and Human Services.
The compromised data is extensive, encompassing contact information, health insurance details (including policy numbers and government payor IDs), and comprehensive health data such as medical record numbers, diagnoses, medications, and test results. In some instances, Social Security numbers and dates of birth were also exposed. While Episource asserts it has no current information regarding the misuse or exploitation of the stolen data, the exposure of such highly personal information poses significant risks to affected individuals, including identity theft, phishing attacks, and sophisticated healthcare scams.
Cybersecurity experts warn that attackers could leverage this detailed information to craft highly convincing social engineering attacks, potentially impersonating medical staff to extract even more sensitive details from unsuspecting victims. This incident underscores the ongoing vulnerability of healthcare providers to cyberattacks and the severe consequences for patient privacy and security. The scale and nature of the exposed data could lead to tailored intrusions, increasing the likelihood of successful fraudulent activities targeting those affected.
This breach follows a similar, even larger, incident in early 2024 involving another UnitedHealth Group subsidiary, Change Healthcare, which affected 190 million individuals. That attack, attributed to the ALPHV/BlackCat ransomware cartel, severely disrupted the healthcare system and reportedly resulted in a $22 million ransom payment. The recurring nature of such significant breaches within UnitedHealth Group’s ecosystem, a company that processes a substantial portion of American medical claims and interacts with a vast network of healthcare providers, highlights a critical need for enhanced cybersecurity measures across the entire healthcare industry.