The violation of data from the Episource Health Service Company affects 5.4 m

Diving brief:

• A data violation in the health service company, Episource, has exposed information of 5.4 million people, according to a report subject earlier this month to federal regulators.
• The company detected an unusual activity on its IT systems in February, and an investigation revealed that a cybercriminal had accessed and stolen from some of its data, said Episource in a notification of violation.
• The incident is one of the greatest violations of health care data reported at the HHS civil rights office so far, just after a violation of the Yale New Haven health system, which has exposed health information of around 5.6 million people.

Diving insight:

Episource offers medical coding and risk adjustment services to suppliers, health plans and other health care organizations.

The data exposed in the violation may include contact details, health insurance details and health data, such as medical file numbers, doctors, diagnostics, test results and processing. Other personal information such as social security numbers and birth dates may also be compromised.

Episource is not aware of improper use of data to date, the company said in its opinion of violation.

According to the opinion, all the customers of the company have not been affected, and Episource works with affected health care organizations to inform people with exposed data, according to the advice.

An affected client is Sharp health, which said that Episource confirmed at the end of April that the health system based in San Diego had been affected by the “violation of ransomware data”. Earlier this month, Sharp and his medical group pointed out violations to the OCR which affected more than 24,000 and 2,000 people respectively.

The incident in Episources occurs the number of data violations in the health sector has climbed, motivated by hacking and ransomware, a type of malware that refuses users access to their data until a ransom is paid.

Cyberattacks can also expose significant amounts of data on patients. Last year, a ransomware attack on United Change Healthcare compromised the data of 190 million records.

Millions of people continue to be affected by health care offenses in 2025. Yale’s violation reported this spring after an unauthorized third party had access to its network.

In addition, 4.7 million people were affected by a breach at Blue Shield of California after the insurer learned Google Analytics, a Blue Shield supplier used to follow the use of its websites, shared members of members with the Google Ads advertising service for several years.