- Episource suffered a cyberattack in late January 2025
- Delicate information on 5.4 million individuals was taken
- The corporate is now notifying affected people
American healthcare information big Episource has begun notifying its prospects a couple of February 2025 information breach during which their delicate info was stolen.
Episource is a healthcare information and know-how firm that helps well being plans handle danger adjustment, high quality measurement, and scientific information by analytics, coding, and know-how options.
On February 6, 2025, the corporate noticed a risk actor breaching its defenses and accessing delicate information it had saved on its units. After shutting down the IT community, bringing in third-party forensics consultants, and notifying regulation enforcement, the corporate decided that the attackers took “copies of some information” between January 27 and February 6, 2025.
Personally identifiable information
The info included well being plans/insurance policies, insurance coverage corporations, member/group ID numbers, and Medicaid-Medicare-government payor ID numbers.
It additionally included well being information comparable to medical document numbers, medical doctors, diagnoses, medicines, check outcomes, photographs, care, and remedy, in addition to different private information comparable to dates of delivery or Social Safety numbers (SSN).
In a separate report, filed within the meantime with the US Division of Well being and Human Companies Workplace for Civil Rights, Episource confirmed that precisely 5,418,866 individuals have been affected by the assault.
Earlier studies additionally said the corporate began notifying them on April 23, 2025, though these have been unconfirmed studies.
Cybercriminals usually goal healthcare organizations for his or her information, since it may be abused in phishing, id theft, and different types of scams.
Crooks can use the information to craft personalised, convincing emails, which might trick the victims into downloading malware or sharing login credentials. That’s the reason Episource is now urging impacted people to remain vigilant, and be careful for potential impersonation and rip-off makes an attempt.
By way of TechCrunch
