- Episource Led a Cyberattack at the end of January 2025
- Sensitive data about 5.4 million people were taken
- The company is now notifying affected persons
American Healthcare Data Giant Episource has begun to notify its customers of a data on data on data in February 2025 when their sensitive information was stolen.
Episource is a health data and technology company that helps health plans to manage risk adjustment, quality measurement and clinical data through analysis, coding and technology solutions.
On February 6, 2025, the company discovered a threat actor who violated his defense and access to sensitive files it had stored on its devices. After closing the IT network, bringing a third-party forensic experts and informing law enforcement, the company decided that attackers took “copies of some data” between January 27 and February 6, 2025.
Personally identifiable data
The data included health plans/policies, insurance companies, members/group ID numbers and Medicaid-Medicare-Government Payor ID numbers.
It also included health data such as medical journal number, doctors, diagnoses, medicine, test results, images, care and processing as well as other personal data such as birth dates or social security number (SSN).
In a separate report filed in the meantime to the US Ministry of Health and Human Services for Civil Rights, Episource confirmed that exactly 5,418,866 people were affected by the attack.
Previous reports also stated that the company began notifying them on April 23, 2025, although this was unhappy reports.
Cyber criminals are often targeted at health organizations for their data as it can be abused in phishing, identity theft and other forms of fraud.
Crooks can use the data to design personalized, compelling E emails that can trick the victims to download malware or share login credentials. Therefore, episource is now calling for individuals to remain vigilant and look after potential imitation and scam trials.
Via Techcrunch
