Recommended reading

Major US healthcare data provider hit by data breach - over 5 million patients affected, here's what we know

News
By published

Episource confirms cyberattack

Padlock against circuit board/cybersecurity background
(Image credit: Getty Images)
  • Episource confirms cyberattack with patient data stolen
  • The theft happened in late January 2025, and includes policy and MedicAid information
  • Customers are urged to remain vigilant

American healthcare data giant Episource has confirmed suffering a cyberattack in which it lost sensitive data on more than five million people.

In a data breach notification published on the company’s website, it said the intrusion was spotted on February 6, 2025, and after shutting down the IT network, bringing in third-party forensics experts, and notifying law enforcement, the company learned the miscreants took “copies of some data” between January 27 and February 6, 2025.

The data includes health plans/policies, insurance companies, member/group ID numbers, and Medicaid-Medicare-government payor ID numbers. It also includes health data such as medical record numbers, doctors, diagnoses, medicines, test results, images, care, and treatment, as well as other personal data such as dates of birth or Social Security numbers (SSN).

Increasing credibility

Cybercriminals often target healthcare organizations for their data, since it can be abused in phishing, identity theft, and other forms of scams.

Crooks can use the data to craft personalized, convincing emails, which can trick the victims into downloading malware or sharing login credentials.

At the same time, Episource filed a new report with the US Department of Health and Human Services Office for Civil Rights’ breach portal, confirming exactly 5,418,866 people were affected by this attack.

The company began notifying them on April 23, 2025, it was said. It did not state which providers it’s notifying, but stressed that not everyone was impacted by the attack.

Episource is a healthcare data and technology company that helps health plans manage risk adjustment, quality measurement, and clinical data through analytics, coding, and technology solutions.

It is urging impacted individuals to stay vigilant, and watch out for potential impersonation and scam attempts.

Via BleepingComputer

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.