Episource Confirms 5.4 Million-Record Ransomware Data Breach
Episource has recently confirmed that the protected health information of more than 5.4 million individuals was compromised in a February 2025 ransomware attack. Episource, a subsidiary of UnitedHealth Group’s Optum, provides a range of services to healthcare providers, health plans, and other health companies, including medical coding and risk adjustment services.
In a website data breach notice, Episource explained that unusual activity was identified within its network on February 6, 2025. Measures were taken to contain the activity, the incident was reported to law enforcement, and third-party cybersecurity and digital forensics experts were engaged to investigate the activity. The investigation confirmed unauthorized access to its computer systems between January 27, 2025, and February 6, 2025, and evidence was found of data exfiltration. At the time of posting its substitute breach notice, no evidence had been found indicating any misuse of personal or protected health information from the Episource data breach.
The types of information compromised in the incident vary from individual to individual and may have included names, dates of birth, Social Security numbers, addresses, phone numbers, email addresses, health insurance information, Medicare/Medicaid numbers, medical record numbers, physicians’ names, diagnoses, test results, medical images, treatment information, and other information related to patient care.
Episource said it has been issuing notification letters since April 23, 2025, on a rolling basis to the affected individuals, and the incident is now shown on the HHS Office for Civil Rights breach portal as affecting 5,418,866 individuals. Some of its affected healthcare clients have chosen to report the data breach themselves, including Sharp Healthcare, which reports that 24,971 individuals were affected, and Sharp Community Medical Group, which said 2,029 individuals were affected. Other affected clients may also have chosen to report the breach themselves.
Episource has confirmed that steps have been taken to strengthen system security, and complimentary credit monitoring and identity theft protection services have been made available. The affected individuals have been advised to be vigilant against identity theft and fraud and should regularly check their account statements, explanation of benefits statements, and tax returns for fraudulent activity.