Categories
  1. IDStrong
  2. Sentinel
  3. Data Breaches
  4. What You Need to Know about the Episource Data Breach

What You Need to Know about the Episource Data Breach

Table of Contents

  • Published: Jul 02, 2025
  • Last Updated: Jul 02, 2025

Episource is a California-based healthcare services and technology company that provides risk adjustment and medical coding services to healthcare plans, doctors, and several other types of healthcare organizations. The company offers point-of-care solutions and software services that enable healthcare providers to meet patients wherever they are. This helps close gaps in healthcare and ameliorate health outcomes. With over 8,000 coders, Episource has served well over 18 million members since its inception.

Generally, the healthcare industry has, over the last few years, adopted cloud-based services offered by third parties to scale operations and improve healthcare service efficiency. However, this shift does not come without its risks, one of which is the vulnerabilities of the systems operated by these third-party service providers.

Considering the amount of data kept by third-party healthcare service providers, many of them, including Episource, have recently become targets for data breaches. The recent data breach on Episource’s system impacts no fewer than 5.4 million people. This data incident has led to concerns over the protected health information and the security of sensitive personal data held by the company.

According to Episource, an unauthorized third party gained access to its system between January and February 2025, compromising sensitive personal data and protected healthcare information of some of its customers. Data allegedly exposed in this breach was not the same for all the affected individuals and may have included contact information like name, phone number, address, and email. Also, one or more of the following information may have been compromised:

  • Health information such as diagnoses, test results, doctors, medical record numbers, treatment, images, and care.
  • Health insurance information, such as the names of insurance companies, health plans/policies, Medicaid-Medicare-government payor ID numbers, and member/group ID numbers.
  • Other personal information, like date of birth or Social Security number (SSN). SSNs were exposed in limited instances. 

When Was the Episource Data Breach?

Although the Episource data breach started on January 27, 2025, the company did not find out about the unauthorized access to its computer systems until February 6, 2025.  According to the company, it took immediate steps to halt the activity of the hackers by turning off its computer systems. Afterward, it hired a special team of experts in computer forensics to investigate the breach and determine what data was affected and which individuals were impacted.

While the data breach occurred between late January and early February 2025, Episource did not notify affected individuals until April 23, 2025, through a Notice of Data Breach. In addition, the company subsequently disclosed the data incident to the Texas Attorney General’s office on June 10, 2025.

The company has said no financial data was compromised, even though the stolen information included certain personal information and some medical data. Some reports suggest that Episource may have been targeted in a ransomware attack, but as of early July 2025, no ransomware group has claimed responsibility for the attack.

How to Check If Your Data Was Breached

Episource has notified customers affected by the recent data breach and is sending notices to impacted persons on behalf of its customers. Therefore, you may have received a notification letter from the company if your data was breached in the incident.

Alternatively, you may consider monitoring your financial accounts for unauthorized charges and email accounts for unusual activities. For instance, unusual charges on a bank account and changes in financial account information may suggest that your information has been exposed. Similarly, strange activity like a password reset, unexpectedly sent emails in your outbox, and changes to email accounts not initiated by you may indicate compromised data.

Individuals who feel they may have been affected by the Episource data breach may also check data breach websites like Have I Been Pwned to confirm their suspicions. Typically, anyone may enter their phone number or email address in the appropriate fields on these sites to determine if any such information has appeared in a data breach. However, users should be cautious not to disclose sensitive information while using any of these websites.

Another way to check if your data was breached in the Episource data incident is to review your credit reports for any strange and unauthorized changes. Any of these may be a pointer to compromised information, which may be a result of the recent Episource data breach.

What to Do If Your Data Was Breached

You need to take specific steps to protect yourself if your data was exposed in the recent Episource data breach. For instance, it is important that you become vigilant and regularly monitor the explanation of benefits statements issued by your healthcare providers and those received from your health plan. If you spot any healthcare services you did not enjoy or received listed on an explanation of benefits statement, be sure to contact your healthcare or health plan provider immediately.

It is also crucial to monitor your credit card and bank statements, tax returns, and credit reports for any unusual activity if your sensitive information was exposed in the Episource data breach. If you observe any unfamiliar or suspicious activity, do not hesitate to contact your credit card company and bank, or a relevant government agency, immediately.

Furthermore, if you become a victim of a crime facilitated by any of your stolen data in the Episource data breach, make sure to inform your local law enforcement agencies without delay. You may also consider placing a credit freeze on your credit file. Doing this makes it difficult for anyone to open new accounts in your name using stolen data from the data breach. 

Alternatively, if your information was stolen in the Episource data breach, you may add a fraud alert to your credit report by initiating a fraud alert with all three national credit bureaus. With a fraud alert activated on your credit file, lenders will be notified that you may be a victim of identity theft before processing any credit application in your name. As a result, it is expected that they will take additional steps to verify your identity, which may include contacting you, before processing a credit application.

Are There Any Lawsuits Because of the Data Breach?

Episource faces potential lawsuits, particularly class-action suits from individuals who have accused the company of negligence in safeguarding their personal data following its recent data breach. While the incident is currently being investigated by various class action law firms, only one lawsuit is known to have been instituted against the company as of early July 2025.

The suit, Gantt v. Episource, LLC 2:25-cv-05918, was filed with the U.S. District Court for the Central District of California on June 30, 2025. This class action alleges that Episource’s inadequate security measures were responsible for a data breach that exposed over 5 million persons’ sensitive personal and medical information. According to the plaintiff, this violates HIPAA requirements. Episource was also accused of failing to provide the public with timely breach notification.

Can My Episource Information Be Used for Identity Theft?

Yes. The type of data stolen by hackers in the recent Episource data breach is valuable to cybercriminals and may be used to commit identity theft, as well as, medical identity fraud and insurance fraud. These generally bear long-term consequences, which may be financial and/or emotional.

With personal data like names, contact information, and healthcare information stolen in the Episource data breach, identity thieves may file false medical claims, open new credit accounts, and gain unauthorized access to some government benefits. Similarly, they may exploit Social Security information and commit insurance or tax fraud using information exposed by the data incident.

Additionally, sensitive information exposed by the Episource data breach may end up being traded on the dark web. This further subjects affected individuals to the risk of future attacks,  identity theft, and other grave consequences.

What Can You Do to Protect Yourself Online?

Medical data is a prime target for hackers as it ranks among the most valuable types of personal information. Any breach of healthcare information may lead to identity theft, insurance fraud, and sometimes, blackmail. Hence, considering the recent spate of attacks on healthcare service providers, protecting your personal information, including medical data, online cannot be overstated.

You may do one or more of the following to protect your data and, ultimately, yourself online:

  • Enable two-factor authentication (2FA) on your online accounts and internet devices for an extra layer of security. This makes it difficult for hackers and cybercriminals to access your accounts even if your password has been compromised.
  • Consider signing up for identity theft protection and credit monitoring services to stay proactive against identity theft. These services generally monitor your credit reports and send you real-time alerts about any suspicious activity.
  • Set up strong passwords on your online accounts. Typically, passwords with unique characters containing numbers and letters are considered unique. Avoid sharing your passwords with anyone or writing them anywhere. In addition, avoid reusing passwords across different online accounts or platforms.
  • Install strong antivirus software on your internet devices, including PCs and smartphones, to protect you from malicious links sent to your email boxes and by SMS.
  • Stay updated with the latest trends on cybercrimes by constantly educating yourself through websites like IDStrong.
  • Always watch out for phishing scams that use fraudulent sites and emails to lure unsuspecting people into divulging confidential account or login details.
  • Avoid entering sensitive personal, financial, or medical information on unsecured websites or sending such data over an unsecured internet connection. Before providing such information on a website, confirm that the website address starts with https and that there is a tiny locked padlock symbol on the web page.
  • If you must use the internet, avoid using public Wi-Fi. It is best to use your home wireless network, and while doing that, make sure to protect it with a password.

Table of Contents

Related Articles

News Article

What is Data Leak and How to Prevent Accidental Data Leakage

Data breaches take many forms, and one of them is through data leak and accidental web exposure. M ... Read More

News Article

The Saga of T-Mobile Data Breach: 2013, 2015, 2021 and 2023 Hacks

T-Mobile has experienced a number of data breaches in the past decade. The first case occurred som ... Read More

News Article

Anthem Data Breach Exposed 78 Million Records

In the Anthem Data Breach of 2015, hackers were able to steal 78.8 million member’s records. ... Read More

News Article

Everything You Need to Know About Insider Data Breach

Data breaches are on the news frequently, but the average person doesn’t really know that much a ... Read More

News Article

The NSA Hack, How Did it Happen?

The National Security Agency (NSA) was the main attraction in a major data breach involving three ... Read More

Latest Articles

What You Need to Know about the Episource Data Breach

What You Need to Know about the Episource Data Breach

Episource is a California-based healthcare services and technology company that provides risk adjustment and medical coding services to healthcare plans, doctors, and several other types of healthcare organizations.

Read More
What you need to know about the Krispy Kreme Data Breach

What you need to know about the Krispy Kreme Data Breach

The popular doughnut and coffeehouse chain Krispy Kreme was established in 1937 in Winston-Salem, North Carolina. It has grown over the years and currently operates 1,500 shops and 17,900 points of access in 40 nations.

Read More
What You Need to Know about the Ocuco Data Breach

What You Need to Know about the Ocuco Data Breach

Ocuco is a Dublin-based organization that specializes in optical software solutions. Established in 1993 by Leo Mac Canna, the company initially developed software for independent optometrists.

Read More
What You Need to Know about the TxDOT Data Breach

What You Need to Know about the TxDOT Data Breach

The Texas Department of Transportation (TxDOT) is responsible for designing, planning, operating, building, and maintaining the state's transportation system to deliver a reliable and safe transportation system.

Read More
What You Need to Know about the AT&T Data Breach

What You Need to Know about the AT&T Data Breach

AT&T, one of the largest telecommunications providers in the United States and the fourth-largest telecommunications company in the world by revenue, experienced a significant data leak, which became public in June 2025.

Read More
What You Need to Know about the Mainstreet Bank Data Breach

What You Need to Know about the Mainstreet Bank Data Breach

MainStreet is a community-oriented bank in Fairfax, Virginia. Established in 2004, it is under the MainStreet Bancshares Incorporated, a small-cap financial holding organization.

Read More

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

Read More
How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Read More
Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

Read More
Comprehensive Identity Monitoring & Protection

1 in 4 Americans Fall Victim to Identity Theft. Beat the Statistics. Protect Your Information Start by Running a Free
Instant Identity Threat Scan

Please enter first name
Please enter last name
Please select a state
Notice

By proceeding with this scan, you agree to let IDStrong run a Free Scan of supplied parameters of your personal information and provide free preliminary findings in compliance with our Terms of Use and Privacy Notice. You consent to us using your provided information to complete the Free Scan and compare it against our records and breach databases or sources to provide your Free preliminary findings report.

Rest assured: IDStrong will not share your information with third parties or store your information beyond what is required to perform your scan and share your results.

I Do Not Agree I Agree
Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an age
Please enter an email address
Close