Episource Data Breach: Millions Affected

Data Breach at Episource Impacts Millions

Episource, a major medical billing company, is informing millions of individuals throughout the United States about a data security incident. Personal and health information was compromised in a cyberattack that occurred earlier this year.

Scale of the Breach

The breach impacts over 5.4 million individuals, as reported to the U.S. Department of Health and Human Services. This positions it as one of the most significant healthcare data breaches recorded thus far in the current year.

Episource's Role in Healthcare

Episource operates as a subsidiary of Optum, which is owned by health insurance leader UnitedHealth Group. The company specializes in billing adjustments for doctors, hospitals, and other healthcare providers.

Consequently, Episource processes substantial volumes of patient data to facilitate claims processing with health insurance companies.

Details of the Incident

According to notices submitted in California and Vermont, unauthorized access to patient and member data occurred over a week-long period, concluding on February 6th. A criminal actor was able to view and copy sensitive information from the company’s systems.

Types of Data Compromised

The stolen data encompasses a wide range of personal identifiers, including names, postal addresses, email addresses, and phone numbers.

Protected health information was also exposed, such as medical record numbers, details regarding physicians, diagnoses, medications, test results, imaging reports, care details, and other treatment information.

Furthermore, health insurance details, including plan names, policy numbers, and member identification numbers, were included in the compromised data.

Ransomware Connection

While Episource has not publicly detailed the nature of the incident, Sharp Healthcare, a partner affected by the attack, indicated that ransomware was the cause.

Recent Cybersecurity Issues at UnitedHealth

This incident represents the latest in a series of cybersecurity challenges faced by UnitedHealth in recent times.

Previous Incidents

In February 2024, Change Healthcare, a large U.S. healthcare transaction processor, was targeted by a ransomware attack. This resulted in the theft of information belonging to over 190 million Americans, marking the largest healthcare data breach in U.S. history.

Several months later, an internal chatbot utilized by UnitedHealth’s Optum employees to address claims-related inquiries was inadvertently exposed on the internet.

Impact and Ongoing Concerns

These breaches highlight the increasing vulnerability of healthcare organizations to cyberattacks and the critical need for robust data security measures.

The compromised data poses a significant risk of identity theft and fraud for the millions of individuals affected.