Medical billing big Episource is notifying thousands and thousands of individuals throughout the USA that their private and well being data was stolen in a cyberattack earlier this 12 months.
The breach impacts greater than 5.4 million folks, based on an inventory with the U.S. Division of Well being and Human Providers, making it one of many largest healthcare breaches of the 12 months up to now.
Episource, owned by medical insurance big UnitedHealth Group’s subsidiary Optum, offers billing adjustment to the docs, hospitals, and different organizations that work within the healthcare trade. As such, the corporate handles massive quantities of sufferers’ private and medical information to course of claims by way of their medical insurance.
In notices filed in California and Vermont on Friday, Episource mentioned a prison was capable of “see and take copies” of affected person and member information from its programs through the weeklong breach ending February 6.
The stolen data consists of private data, similar to names, postal and e-mail addresses, and cellphone numbers, in addition to protected well being information, together with medical document numbers, and information regarding docs, diagnoses, medicines, take a look at outcomes, imaging, care, and different therapy. The stolen information additionally accommodates medical insurance data, like well being plans, insurance policies, and member numbers.
Episource didn’t describe the character of the incident, however Sharp Healthcare, one of many corporations that works with Episource and was affected by the cyberattack, advised its clients that the Episource hack was attributable to ransomware.
That is the newest cybersecurity incident to hit UnitedHealth in recent times.
Change Healthcare, one of many largest corporations within the U.S. healthcare trade that processes billions of well being transactions every year, was hacked by a ransomware gang in February 2024, resulting in the theft of greater than 190 million Individuals’ private and well being data. The cyberattack was the biggest healthcare information breach in U.S. historical past.
A number of months later, UnitedHealth’s Optum unit left an inside chatbot utilized by workers to ask about claims uncovered to the web.
