Medical billing company Episource is alerting more than 5.4 million individuals across the U.S. after their personal and health information was stolen in a cyberattack earlier this year, making it one of 2025’s largest healthcare breaches so far.
In official filings in California and Vermont, Episource confirmed that a criminal accessed its systems during a weeklong breach ending February 6, stealing sensitive data including:
- Names, addresses, phone numbers, and email addresses
- Medical record numbers and health data such as diagnoses, medications, imaging, and treatment details
- Health insurance details, including member numbers and policy information
Episource, a subsidiary of UnitedHealth Group’s Optum, works with doctors, hospitals, and other providers to handle billing and insurance claims, giving it access to vast amounts of private medical data.
While Episource didn’t publicly reveal how the breach occurred, Sharp Healthcare, one of its clients, disclosed that ransomware was responsible for the attack.
This breach adds to a growing list of cybersecurity incidents involving UnitedHealth. In February 2024, its subsidiary Change Healthcare suffered the largest healthcare data breach in U.S. history, impacting 190+ million Americans. Later, an internal Optum chatbot was also left exposed online, raising further privacy concerns.
Episource says affected individuals will be contacted directly and offered resources to help protect their information.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
