Millions of Americans Affected by Episource Cyberattack
In a recent development, medical billing giant Episource has revealed that a cyberattack earlier this year has resulted in the theft of personal and health information of over 5.4 million people across the United States. This breach marks one of the largest healthcare data breaches of the year so far, according to the U.S. Department of Health and Human Services.
Episource, a company owned by UnitedHealth Group’s subsidiary Optum, specializes in providing billing adjustment services to healthcare organizations such as doctors, hospitals, and other healthcare facilities. As a result, the company deals with a significant amount of patient data to process insurance claims.
During the breach that occurred in early February, a criminal was able to access and make copies of patient and member data from Episource’s systems. The stolen information includes personal details like names, addresses, phone numbers, as well as protected health data such as medical record numbers, diagnoses, medications, test results, and other treatment-related information. Additionally, health insurance information like health plans, policies, and member numbers were also compromised.
While Episource did not provide specifics about the cyberattack, Sharp Healthcare, a company working with Episource, confirmed that the breach was caused by ransomware. This incident adds to a series of cybersecurity challenges faced by UnitedHealth in recent years.
In a similar vein, Change Healthcare, a prominent player in the healthcare industry, fell victim to a ransomware attack in February 2024, resulting in the theft of personal and health information of over 190 million Americans. This incident was recorded as the largest healthcare data breach in U.S. history.
Furthermore, UnitedHealth’s Optum unit faced an internal security lapse when an internal chatbot used by employees to inquire about claims was exposed to the internet months later.
