Epic Management LLC

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Epic Management LLC, a healthcare management company based in Boiling Springs, South Carolina, experienced a significant data security incident that was first identified on September 2, 2021, when unusual activity was detected in its digital environment. The company took immediate steps to secure its systems and engaged independent cybersecurity experts to conduct a thorough investigation. This investigation revealed that an unauthorized actor had accessed certain files and data stored within Epic’s email tenant[1].

The breach was a result of a phishing attack, which exposed a wide range of personal information belonging to patients. This information may have included names, dates of birth, Social Security numbers, health insurance details, medical information, driver’s licenses, passport numbers, financial account numbers and routing numbers, biometric data, usernames and passwords, and payment card numbers along with their expiration dates and security codes[1][2].

Epic Management LLC disclosed that the breach affected patients related to Beaver Medical Group and other healthcare organizations managed by Epic Healthcare Management, indicating a potentially wide impact[2]. The breach was officially reported on November 14, 2022, with 10,862 individuals affected[4].

In response to the incident, Epic Management LLC has taken several steps to mitigate the impact and prevent future breaches. These measures include a comprehensive review of the potentially affected data, offering credit and identity protection services to individuals whose Social Security numbers were impacted, and making alterations to its cyber environment. Additionally, Epic has established a toll-free call center to address questions and concerns related to the breach[1].

The breach at Epic Management LLC is part of a larger trend of cyberattacks targeting healthcare institutions, which are particularly vulnerable due to the sensitive nature of the information they hold. The incident underscores the importance of robust cybersecurity measures and the need for constant vigilance to protect against unauthorized access and data breaches[4].

Citations:

  1. https://www.prnewswire.com/news-releases/epic-management-provides-notice-of-data-security-incident-301703362.html
  2. https://www.idstrong.com/data-breaches/epic-management-llc-breach/
  3. https://ago.vermont.gov/sites/ago/files/2023-01/2022-12-14-Epic-Management-Data-Breach-Notice-to-Consumers.pdf
  4. https://clarksvillenow.com/local/the-biggest-health-care-data-breaches-you-should-know-about-in-tennessee/
  5. https://www.fiercehealthcare.com/health-tech/ardent-health-struggles-get-systems-back-online-hospitals-reopen-emergency-rooms
  6. https://colevannote.com/data-breach-epic-management-llc-epic-healthcare-management-llc/
  7. https://www.doj.nh.gov/consumer/security-breaches/e.htm
  8. https://www.hipaajournal.com/november-2022-healthcare-data-breach-report/
Breach Submission Date Nov 14, 2022
Converted Entity Name Epic Management LLC
Converted Entity Type Healthcare Provider
State TN
Individuals Affected 10,862
Breach Type Hacking/IT Incident

Breach Information Location Email

Business Associate Present Yes