Episource LLC Healthcare Clients Affected by Ransomware Attack

June 22, 2025HIPAA News0

Episource LLC provides healthcare providers and health plans with software solutions, medical coding, and risk adjustment services. The company encountered a cyberattack that resulted in the theft of client information. It noticed the attack on February 6, 2025 after seeing suspicious activity inside its system. All computer programs were shut down to avoid continuing unauthorized access. Episource notified law enforcement and engaged third-party cybersecurity specialists to help investigate and find out the nature and extent of the unauthorized activity.

Based on the forensic investigation, the unauthorized access to its computer systems happened from January 27, 2025 to February 6, 2025. Episource notified the California Attorney General concerning the breach on June 6, 2025. During that time, there was no report of misuse of the breached information. Episource began sending individual notification letters to the impacted persons on April 23, 2025.

The analysis of the breached files showed that they included a selection of information, which differed from one person to another. The following details are possibly compromised: names, addresses, telephone numbers, email addresses, along with at least one of these data:

  • Health data: physicians’ names, diagnosis details, treatment data, prescription medications, lab test results, medical record numbers, and medical images.
  • Health plan details: health insurance policies, names of companies, Medicaid/Medicare payor ID numbers, and member/group ID numbers
  • Other personal data, for instance, birth date

Episource stated that it is improving its system security to avoid the same breaches later on and that the impacted people are offered two years of free credit monitoring and identity theft protection services. Information about the nature of the attack was not included in the notification letters, but it’s likely a ransomware attack. The group responsible for the attack is presently unknown.

The Episource data breach affected Sharp Community Medical Group and Sharp HealthCare among other clients. The number of impacted clients is still uncertain since many were affected. The number of impacted individuals is still unknown since the incident is not yet posted on the OCR breach portal.

About Thomas Brown
Thomas Brown worked as a reporter for several years on ComplianceHome. Thomas is a seasoned journalist with several years experience in the healthcare sector and has contributed to healthcare and information technology news publishers. Thomas has a particular interest in the application of healthcare information technology to better serve the interest of patients, including areas such as data protection and innovations such as telehealth. Follow Thomas on X https://x.com/Thomas7Brown

ComplianceHome is a registered trademark. Copyright © 2025 ComplianceHome. All rights reserved.