Episource reports data breach exposing personal health information
Learn More
Episource, LLC, a company specializing in medical coding and risk adjustment services, is reporting a cybersecurity breach that compromised sensitive personal information of an undisclosed number of individuals.
The breach was discovered on February 6, 2025, when unusual activity was detected in the company's computer systems. The investigation revealed that a cybercriminal accessed and copied data from the systems between January 27 and February 6, 2025.
Compromised data includes:
- Contact information
- Health insurance data
- Health data and medical information
- Social Security numbers (in limited cases)
- Dates of birth (in limited cases)
The nature of the attack and the number of affected individuals is not disclosed. The company stated, "To date, the company is not aware of any misuse of the data".
Update - as of 10th of June 2025, Episource told regulators that the incident affected at least 24,259 individuals
As of 18th of June 2025, Episource reported to the U.S. Department of Health and Human Services Office that the cyberattack impacted 5,418,866 people. Exposed data includes:
- Full name
- Physical address
- Email address
- Phone number
- Insurance plan information
- Medicaid ID and information
- Medical record details (diagnoses, test results, medications, images, treatments)
- Date of birth
- Social Security number (SSN)
As of 19th of June 2025, Sharp Healthcare and Sharp Community Medical Group, are reporting they were impacted by the breach exposing health plan details, diagnoses and test results.
Starting April 23, 2025, Episource began notifying affected customers. The company is offering complimentary credit monitoring and identity protection services. Individuals are advised to monitor their health care and financial statements for any unfamiliar activity as a precautionary measure.
