Epic Management LLC
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
Epic Management LLC, a healthcare management company based in Boiling Springs, South Carolina, experienced a significant data security incident that was first identified on September 2, 2021, when unusual activity was detected in its digital environment. The company took immediate steps to secure its systems and engaged independent cybersecurity experts to conduct a thorough investigation. This investigation revealed that an unauthorized actor had accessed certain files and data stored within Epic’s email tenant[1].
The breach was a result of a phishing attack, which exposed a wide range of personal information belonging to patients. This information may have included names, dates of birth, Social Security numbers, health insurance details, medical information, driver’s licenses, passport numbers, financial account numbers and routing numbers, biometric data, usernames and passwords, and payment card numbers along with their expiration dates and security codes[1][2].
Epic Management LLC disclosed that the breach affected patients related to Beaver Medical Group and other healthcare organizations managed by Epic Healthcare Management, indicating a potentially wide impact[2]. The breach was officially reported on November 14, 2022, with 10,862 individuals affected[4].
In response to the incident, Epic Management LLC has taken several steps to mitigate the impact and prevent future breaches. These measures include a comprehensive review of the potentially affected data, offering credit and identity protection services to individuals whose Social Security numbers were impacted, and making alterations to its cyber environment. Additionally, Epic has established a toll-free call center to address questions and concerns related to the breach[1].
The breach at Epic Management LLC is part of a larger trend of cyberattacks targeting healthcare institutions, which are particularly vulnerable due to the sensitive nature of the information they hold. The incident underscores the importance of robust cybersecurity measures and the need for constant vigilance to protect against unauthorized access and data breaches[4].
Citations:
- https://www.prnewswire.com/news-releases/epic-management-provides-notice-of-data-security-incident-301703362.html
- https://www.idstrong.com/data-breaches/epic-management-llc-breach/
- https://ago.vermont.gov/sites/ago/files/2023-01/2022-12-14-Epic-Management-Data-Breach-Notice-to-Consumers.pdf
- https://clarksvillenow.com/local/the-biggest-health-care-data-breaches-you-should-know-about-in-tennessee/
- https://www.fiercehealthcare.com/health-tech/ardent-health-struggles-get-systems-back-online-hospitals-reopen-emergency-rooms
- https://colevannote.com/data-breach-epic-management-llc-epic-healthcare-management-llc/
- https://www.doj.nh.gov/consumer/security-breaches/e.htm
- https://www.hipaajournal.com/november-2022-healthcare-data-breach-report/