SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

Data Breach at Healthcare Services Firm Episource Impacts 5.4 Million People

Hackers have stolen personal and health information belonging to the customers of healthcare organizations served by Episource.
Episource data breach

Healthcare services firm Episource has been targeted in a cyberattack that resulted in a data breach impacting more than 5.4 million individuals.

Episource provides medical coding and risk adjustment services to doctors, health plans, and other types of healthcare organizations. 

The firm revealed in a data breach notice that it detected unauthorized access to its systems in early February. An investigation showed that “a cybercriminal” was able to view and copy data belonging to some Episource customers between January 27 and February 6, 2025. 

“We quickly took steps to stop the activity. We began investigating right away and hired a special team to help us. We also called law enforcement. We turned off our computer systems to help protect the customers we work with and their patients and members,” the company said, noting that it’s not aware of any misuse of the compromised data.

The information stolen by the hackers varies from person to person, but it can include name, address, email address, phone number, date of birth, Social Security number, health insurance data, and medical records and other health information.

Episource told the US Department of Health and Human Services (HHS) that the incident impacts roughly 5.41 million individuals. The company has notified impacted customers and is sending notices to the impacted individuals on these customers’ behalf. 

Advertisement. Scroll to continue reading.

Some Episource customers, such as Sharp HealthCare, have published their own data breach notice. Sharp told HHS that more than 20,000 of its customers are affected. 

According to some reports, Episource has been targeted in a ransomware attack. However, no known ransomware group appears to have taken credit for the attack on Episource at the time of writing. 

It’s not uncommon for healthcare data breaches to impact millions and even tens of millions of individuals. 

Related: Asheville Eye Associates Says 147,000 Impacted by Data Breach

Related: 240,000 Impacted by Data Breach at Eyecare Tech Firm Ocuco

Related: Ransomware Gang Leaks Alleged Kettering Health Data

Related: Marlboro-Chesterfield Pathology Data Breach Impacts 235,000 People

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

More from

Latest News

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Webinar: ROSI for CPS Security Programs
May 13, 2026

In cyber-physical systems (CPS), just one hour of downtime can outweigh an entire annual security budget. Learn how to master the Return on Security Investment (ROSI) to align security goals with the bottom-line priorities.

Register

Virtual Event: Threat Detection and Incident Response Summit
May 20, 2026

Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization.

Register

People on the Move

Jacki Monson has joined CVS Health as SVP, Deputy CISO.

Gigi Schumm has been promoted to Chief Revenue Officer at Securonix.

Chris Sistrunk has been promoted to Practice Leader for Mandiant's OT Security Consulting.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.