Medical billing big Episource is notifying hundreds of thousands of individuals throughout america that their private and well being data was stolen in a cyberattack earlier this yr.
The breach impacts greater than 5.4 million folks, in accordance with a listing with the U.S. Department of Health and Human Services, making it one of many largest healthcare breaches of the yr thus far.
Episource, owned by medical health insurance big UnitedHealth Group’s subsidiary Optum, supplies billing adjustment to the medical doctors, hospitals, and different organizations that work within the healthcare business. As such, the corporate handles massive quantities of sufferers’ private and medical information to course of claims by their medical health insurance.
In notices filed in California and Vermont on Friday, Episource stated a legal was in a position to “see and take copies” of affected person and member information from its techniques through the weeklong breach ending February 6.
The stolen data consists of private data, reminiscent of names, postal and e-mail addresses, and telephone numbers, in addition to protected well being information, together with medical file numbers, and information regarding medical doctors, diagnoses, medicines, take a look at outcomes, imaging, care, and different remedy. The stolen information additionally accommodates medical health insurance data, like well being plans, insurance policies, and member numbers.
Episource didn’t describe the character of the incident, however Sharp Healthcare, one of many firms that works with Episource and was affected by the cyberattack, instructed its prospects that the Episource hack was caused by ransomware.
That is the newest cybersecurity incident to hit UnitedHealth lately.
Change Healthcare, one of many largest firms within the U.S. healthcare business that processes billions of well being transactions every year, was hacked by a ransomware gang in February 2024, resulting in the theft of greater than 190 million People’ private and well being data. The cyberattack was the biggest healthcare information breach in U.S. historical past.
A number of months later, UnitedHealth’s Optum unit left an inside chatbot utilized by staff to ask about claims uncovered to the web.