Millions at Risk After US Healthcare Firm Episource Suffers Data Breach

Sensitive health and personal data of millions of people exposed in a targeted cyberattack on a major healthcare services provider.

Healthcare data compromised over 10-day intrusion

California-based Healthcare services provider Episource has confirmed that a recent cybersecurity incident exposed sensitive personal and medical data belonging to 5.4 million people.

During the breach, which was discovered on Feb. 6, threat actors accessed and exfiltrated data from the company’s systems over a 10-day period starting Jan. 27.

Upon detecting suspicious activity, Episource immediately shut down portions of its infrastructure, launched an internal investigation, and contacted external cybersecurity experts and police.

Although no evidence of misuse has surfaced, the scope of the data breach has raised serious concerns among both healthcare consumers and organizations.

Wide range of data potentially exposed

According to Episource, the stolen data varies by individual and comprises a broad range of information, including:

• Names
• Addresses
• Phone numbers
• Email addresses
• Health insurance records
• Diagnoses
• Medications
• Treatment histories
• Dates of birth
• Social Security Numbers (SSNs)

The company began notifying affected partners and individuals on April 23, providing specific guidance on what personal data may have been involved and urging people to monitor their financial, health, and tax-related accounts for irregular activity.

Healthcare sector faces growing cyber threats

The breach at Episource is part of a troubling trend in the healthcare industry, a prime target for threat actors.

In a separate incident earlier this year, Yale New Haven Health System disclosed that data from 5.5 million patients had been exposed in a cyberattack.

The YNHHS attack also exposed a plethora of sensitive information, including full names, dates of birth, SSNs, medical record numbers, patient type data, email addresses, and telephone numbers.

How to deal with data breach fallout

While data breaches are often beyond an individual’s control, staying informed and taking proactive steps remain essential for minimizing impact.

Dedicated solutions, like Bitdefender Digital Identity Protection, can help you monitor the extent of your online data and act quickly in the event of a data breach. It constantly scans the public and Dark Web for traces of your data, notifies you if it has been compromised by a leak, and allows you to instantly patch holes in your digital footprint.