Healthcare Services Firm Episource Suffers Data Breach Impacting 5.4 Million People
In a recent report submitted to federal regulators, healthcare services firm Episource revealed that a data breach has exposed information from 5.4 million individuals. The breach was discovered after the company detected unusual activity on its computer systems in February. An investigation later revealed that a cybercriminal had gained unauthorized access and stolen some of Episource’s data.
This incident ranks as one of the largest healthcare data breaches reported to the HHS’ Office for Civil Rights this year, trailing behind only a breach at Yale New Haven Health System, which affected approximately 5.6 million individuals.
Episource specializes in providing medical coding and risk adjustment services to healthcare providers, health plans, and other organizations within the healthcare industry. The data compromised in the breach includes contact information, health insurance details, and sensitive health data such as medical record numbers, diagnoses, test results, and treatment information. Personal data like Social Security numbers and birth dates may also have been exposed.
Despite the breach, Episource has not received reports of any data misuse thus far. The company is actively collaborating with affected healthcare organizations to notify individuals whose data has been compromised.
One of the impacted customers is Sharp Healthcare, a San Diego-based health system, which confirmed that it was affected by the breach. Sharp Healthcare and its medical group reported breaches to OCR that impacted over 24,000 and 2,000 individuals, respectively.
The rise in healthcare data breaches can be attributed to cyberattacks like hacking and ransomware, a form of malware that restricts users from accessing their data until a ransom is paid. These attacks can result in the exposure of vast amounts of patient data. For instance, a ransomware attack on UnitedHealth subsidiary Change Healthcare last year compromised data belonging to a staggering 190 million individuals.
The healthcare sector continues to grapple with data breaches in 2025. In addition to the breach at Episource, a recent breach at Yale occurred when an unauthorized third party gained access to its network. Furthermore, a breach at Blue Shield of California impacted 4.7 million individuals after it was discovered that Google Analytics, a vendor employed by Blue Shield, had been sharing member data with Google Ads for several years.
The increasing frequency of healthcare data breaches underscores the critical need for robust cybersecurity measures within the industry to safeguard patient information and prevent unauthorized access to sensitive data.
