Episource, a U.S.-based medical coding and risk assessment firm, revealed that it faced a data breach earlier this year. On February 6, Episource detected irregular activity within its systems and initiated an investigation with a specialized team and law enforcement. They found that a cybercriminal had accessed and duplicated data from January 27 to February 6.

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights indicated that the breach impacted around 5.4 million individuals. Episource informed HHS about the incident on June 6. The compromised data encompassed:

– Contact details: Names, addresses, phone numbers, and email addresses
– Personal data: Social Security numbers or dates of birth
– Health insurance information: Health plans/policies, insurance providers, member/group ID numbers, and Medicaid/Medicare/government payer ID numbers
– Health records: Medical record numbers, physician names, diagnoses, medications, test outcomes, images, care, and treatment

Financial, banking, and credit card data were mostly unaffected. Episource started to inform impacted individuals on April 23, recommending that they monitor their healthcare plan explanations of benefits and bank statements. Any suspicious activities should be reported to the appropriate authorities, such as credit card companies or healthcare providers. If individuals believe they are victims of a crime, they should reach out to law enforcement.

Earlier this year, another major healthcare data breach at Laboratory Services Cooperative affected more than a million individuals. Healthcare scams, akin to romance and other online frauds, are prevalent. The Federal Trade Commission offers guidance on recognizing healthcare scams, including warning signs and safety measures before enrolling in a health insurance plan.