Episource Cyberattack Attack Affects More Than 5.4 Million Individuals
Episource LLC, a UnitedHealth (Optum) subsidiary that provides medical coding, risk adjustment services, and software solutions for healthcare providers and health plans, has experienced a cyberattack involving the theft of customer data. A network intrusion was detected on February 6, 2025, after suspicious activity was identified within its computer network. All computer systems were powered down to prevent further unauthorized access, law enforcement was notified, and third-party cybersecurity experts were engaged to assist with the investigation and determine the nature and scope of the unauthorized activity.
The forensic investigation confirmed there had been unauthorized access to its computer systems between January 27, 2025, and February 6, 2025. The California Attorney General was notified about the breach on June 6, 2025, and at that time, Episource said it was unaware of any misuse of the compromised data, although it has confirmed that there was data exfiltration. Individual notification letters have been issued on a rolling basis since April 23, 2025.
The review of the compromised files confirmed that they contained a range of data, which varied from individual to individual. Potentially compromised data included names and contact information (address, phone number, and email address), together with one or more of the following:
- Health information: diagnosis information, treatment information, prescriptions, test results, medical images, medical record numbers, and doctors’ names.
- Health plan information: health plan policies, company names, member/group ID numbers, and Medicaid/Medicare payor ID numbers
- Other personal information, such as date of birth
Episource, which was founded in 2006 and acquired by UnitedHealth Group subsidiary Optum in 2023, said it is strengthening system security to prevent similar breaches in the future, and that the affected individuals are being offered two years of complimentary credit monitoring and identity theft protection services. Episource did not disclose the nature of the attack in its notification letters; however, this appears to be a ransomware attack. The group responsible is currently unknown.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Sharp HealthCare (24,971 individuals) and Sharp Community Medical Group (2,029 individuals) have confirmed that they have been affected by the incident, as has Wellcare, but it is currently unclear how many other clients have been impacted. While the total number of affected individuals is currently unknown, Episource has reported the data breach to the HHS’ Office for Civil Rights on behalf of some of its affected clients. The listing indicates 5,418,866 individuals have been affected, which makes this the second-largest healthcare data breach to be reported so far this year, behind the 5.47 million-record data breach at Yale New Haven Health System.
