EpiSource
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
EpiSource, a medical coding vendor used by various health plans, experienced a data security incident that may have affected personal information. The breach was discovered on February 20, 2023, when EpiSource’s threat detection system detected suspicious activity related to their Amazon Web Services (AWS) environment. The unauthorized access occurred between February 19th and February 21st. EpiSource responded by containing the incident and enhancing their security controls and monitoring practices to prevent similar future incidents[1].
The information potentially involved in the breach included names, dates of birth, addresses, phone numbers, medical record numbers, health plan information including ID numbers, provider information, and clinical data such as diagnoses and medications. Social Security numbers, driver’s license numbers, or financial account information were not disclosed or accessed[1].
EpiSource has offered affected individuals one year of complimentary LifeLock Standard™ identity theft protection services and has advised them to monitor their medical statements and explanation of benefits statements for any unfamiliar healthcare services. They have also provided information on how to obtain free annual credit reports and suggested placing a fraud alert or security freeze on credit files[1].
For more information or assistance, EpiSource established a toll-free hotline for affected individuals to contact[1].
Citations:
- https://oag.ca.gov/system/files/EpiSource%20Notice%20Letter%20%285.27.23%29.pdf
- https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
- https://www.databreaches.net/december-was-one-of-the-busiest-months-for-health-data-breach-disclosures/
- https://original.newsbreak.com/@openclassactions-com-1602283/3068285651365-did-you-receive-a-notice-from-episource-llc-your-data-may-have-been-breached-and-you-may-be-owed-cash
- https://www.hackmageddon.com/2023/07/19/1-15-june-2023-cyber-attacks-timeline/
- https://archive.org/details/cadoj_episource_sb24-567518
- https://colevannote.com/investigations/
- https://oag.ca.gov/privacy/databreach/list
- https://ghgadvisors.com/on-demand-webinar-strategies-ensure-accurate-coding-submission-upstream-encounter-data/
- https://www.episource.com
- https://www.cbsnews.com/losangeles/news/united-healthcare-reports-data-breach-that-may-have-revealed-customers-personal-information/
- https://dojmt.gov/consumer/databreach/
- https://www.itgovernance.co.uk/blog/list-of-data-breaches-and-cyber-attacks-june-2023