hospital
Image: Getty via Unsplash+

More than 5 million affected by data breach at healthcare tech firm Episource

A tech firm providing services to the healthcare industry said hackers stole information on millions of people in an incident discovered in early February.

Documents filed with the U.S. Department of Health and Human Services Department show that 5,418,866 people had information taken from Episource. 

California-based Episource disclosed in filings with the U.S. Department of Health and Human Services that more than 5.4 million people had their information taken, and said in a notice on its website that hackers had copied files from their system between January 27 and February 6.

The data stolen includes:

  • Social Security numbers
  • Health insurance ID numbers
  • Medicaid-Medicare ID numbers
  • Medical records covering doctor, diagnoses, test results, images, care and treatment

Law enforcement was involved in the investigation and the company said it was forced to turn off its computer system in order to protect customers and their patients. The company did not respond to requests for comment. 

Episource says it provides medical coding and risk adjustment services to doctors, health plans and health companies.

Victims of the data breach either received services from one of the doctors or were members of a health plan that uses Episource’s tools. 

The company said it is working with its customers to help them coordinate providing the notice to everyone affected. 

Episource urged victims to watch their benefit statements in case they are ever charged for services they did not receive. The company set up a call line for victims with questions. 

Some customers of Episource published their own breach notices, including Sharp Healthcare

Episource previously dealt with a data breach in 2023 that leaked much of the same information for an unknown number of people.

Episource was founded in 2006 and acquired in 2023 by Optum — a healthcare giant owned by UnitedHealth that was itself at the center of a large cybersecurity incident last year. Optum itself was forced to take some of its systems offline last February after a ransomware attack on its subsidiary Change Healthcare

That attack ended up leaking the sensitive healthcare information of 190 million people.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
Recorded Future
Tags
No previous article
No new articles
Jonathan Greig

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.