As first reported by Yahoo! News, American medical coding and risk assessment firm Episource has confirmed a data breach that compromised the personal and medical data of approximately 5.4 million individuals. The company detected suspicious activity on its systems on February 6, prompting an internal investigation and the involvement of law enforcement. The breach was later traced back to activity occurring between January 27 and February 6, when cybercriminals accessed and copied sensitive data.
Scope and nature of the compromised information
The stolen information includes a wide range of personally identifiable and health-related data. Specifically, it comprises names, addresses, phone numbers, emails, Social Security numbers, birth dates, insurance policy details, and medical records, including doctors, diagnoses, medications, and test results. While financial details such as credit card and banking information were “largely not impacted,” the breadth of the compromised health and identity data makes the breach highly concerning.
Notifications and precautions underway
Episource began notifying impacted individuals on April 23. In its statement, the company urged those affected to closely monitor their health insurance explanations of benefits, as well as bank and credit card statements, for signs of suspicious activity. The company emphasized that those who detect irregularities or believe they may be victims of fraud should report them to their providers or law enforcement immediately.
Larger trend of healthcare data threats
This incident adds to a growing pattern of cyberattacks targeting healthcare organizations. Earlier this year, a separate breach at Laboratory Services Cooperative exposed over one million records. Healthcare data has become a prime target for cybercriminals due to its value and the challenges individuals face in detecting misuse. The Federal Trade Commission continues to advise the public on spotting healthcare scams and offers guidance for safeguarding personal information.
The Episource breach highlights the persistent vulnerabilities in healthcare IT infrastructure and the significant risks to personal privacy posed by data leaks. As attacks become more frequent and complex, healthcare organizations must bolster cybersecurity defenses while keeping patients informed and protected.
