- Episource confirms cyberattack with patient data stolen
- The theft happened at the end of January 2025 and includes politics and Medicaid information
- Customers are encouraged to remain vigilant
American Healthcare Data Giant Episource has confirmed to suffer a cyber attack in which the lost sensitive data of more than five million people.
In a message of violation of data published on the company’s website, it said the penetration was discovered on February 6, 2025, and after closing the IT network, brought in a third-party forensic experts and announced legal enforcement, the company learned that Miscreats took “copies of some data between 27 and 6 February 2025.
The data includes health plans/policies, insurance companies, members/group ID numbers and Medicaid-Medicare-Government Payor ID numbers. It also includes health data such as medical journal number, doctors, diagnoses, medicine, test results, images, care and processing as well as other personal data such as birth dates or social security number (SSN).
Increased credibility
Cyber criminals are often targeted at health organizations for their data as it can be abused in phishing, identity theft and other forms of fraud.
Crooks can use the data to design personalized, compelling E emails that can trick the victims to download malware or share login credentials.
At the same time, Episource submitted a new report to the US Ministry of Health and Human Services for Civil Rights’ violation portal, which confirmed exactly 5,418,866 people was affected by this attack.
The company started notifying them on April 23, 2025, it was said. It did not say which providers it announced, but emphasized that not everyone was affected by the attack.
Episource is a health data and technology company that helps health plans to manage risk adjustment, quality measurement and clinical data through analysis, coding and technology solutions.
It encourages affected individuals to remain vigilant and watch out for potential imitation and scam.
Via Bleeping computer
