A huge data breach at a healthcare tech company, Episource, has exposed the personal information of 5.4 million Americans. The company, which provides software and services to healthcare providers and plans, confirmed the hack.
What Happened?
Episource discovered suspicious activity on their computer systems on February 6th, 2025. An investigation revealed that hackers had accessed and copied sensitive data. The company immediately took steps to stop the breach, launched a full investigation, contacted law enforcement, and shut down its systems to prevent further damage.
What Information Was Stolen?
The stolen data includes a wide range of sensitive information:
- Health Insurance Data: Health plan details, insurance company names, member/group IDs, and government payer IDs (like Medicare and Medicaid).
- Medical Records: Medical record numbers, doctor information, diagnoses, test results, and medical images.
- Personal Information: Birthdates and Social Security numbers.
Episource claims it’s unaware of any misuse of the stolen data so far.
Ransomware Attack
While Episource hasn’t detailed how the hackers gained access, one of their clients, Sharp HealthCare, confirmed the breach was a ransomware attack.
What’s Episource Doing Now?
Episource is implementing enhanced security measures to prevent future breaches and is offering affected clients two years of free credit monitoring and identity theft protection services.
The Bottom Line
This massive data breach highlights the vulnerability of sensitive health information in today’s digital world. The impact on the 5.4 million affected individuals could be significant, emphasizing the need for stronger cybersecurity measures across the healthcare industry.