- Episource confirms cyberattack with patient data stolen
- The theft happened in late January 2025, and includes policy and MedicAid information
- Customers are urged to remain vigilant
American healthcare data giant Episource has confirmed suffering a cyberattack in which it lost sensitive data on more than five million people.
In a data breach notification published on the company’s website, it said the intrusion was spotted on February 6, 2025, and after shutting down the IT network, bringing in third-party forensics experts, and notifying law enforcement, the company learned the miscreants took “copies of some data” between January 27 and February 6, 2025.
The data includes health plans/policies, insurance companies, member/group ID numbers, and Medicaid-Medicare-government payor ID numbers. It also includes health data such as medical record numbers, doctors, diagnoses, medicines, test results, images, care, and treatment, as well as other personal data such as dates of birth or Social Security numbers (SSN).