Episource Company Cyber Security Posture

episource.com

Episource is a leading provider of risk adjustment services, software, and solutions for health plans and provider groups. As an integrated platform, Episource empowers Commercial, Medicare, and Medicaid payers and providers with end-to-end risk adjustment solutions, including risk adjustment analytics, medical record retrieval, medical chart coding, and encounter submissions. We are reinventing how healthcare organizations manage their member populations in an ever-changing landscape — and this is no easy task. We pursue people who take pride in their work and hold themselves to high standards to achieve it. Craft your career and grow with us at episource.com/pages/about

Episource Company Details

LinkedIn ID: episource

Number of employees: 3285

Number of followers: 101612.0

NAICS: 541

Industry Type: IT Services and IT Consulting

Homepage: episource.com

IP Addresses: Scan still pending

Company ID: EPI_2576294

Scan Status: In-progress

Episource Risk Score (AI oriented)

Between 900 and 1000

This score is AI-generated and less favored by cyber insurers, who prefer the TPRM score.


Episource Company Scoring based on AI Models

Model Name: AVERAGE-Industry

Date: 03-12-2025

Description: This score represents the average cybersecurity rating of companies already scanned within the same industry. It provides a benchmark to compare an individual company's security posture against its industry peers.

Current Score Difference: N/A

Score: Between 900 and 1000

Episource Company Cyber Security News & History

Past Incidents: 3
Attack Types: 2
Entity | Type | Severity | Impact | Seen | Url ID | Details | View
Episource | Breach | 8546/2025 | EPI300062325 | Link
Rankiteo Explanation :
Attack with significant impact with customers data leaks

Description: Unknown miscreants have stolen data describing around 5.4 million customers of healthcare technology firm Episource. The company, which offers a range of tech services in the healthcare sector, admitted to having records stolen in a breach notification letter published last week. Episource said that the incident took place sometime between January 27 and February 6 of this year, though it didn't specify exactly how 'a cybercriminal was able to see and take copies of some data in our computer system.' Whoever made off with the data accessed victims' Social Security numbers, dates of birth, plus health care data including diagnoses, prescriptions, medical images, and treatment plans. The attackers also stole health insurance data.

Episource | Ransomware | 1006/2025 | EPI601061425 | Link
Rankiteo Explanation :
Attack threatening the organization's existence

Description: Episource, a medical software company, suffered a data breach in January 2025 that compromised medical records and health insurance information. The breach, resulting from a ransomware attack, affected personal information including health data, health insurance data, and contact information. Sharp Healthcare, a client of Episource, also notified patients of the breach. The Texas Attorney General reported 24,259 people were notified of the breach in Texas alone, indicating a significant impact on customers' data.

Episource | Ransomware | 10047/2025 | EPI415071725 | Link
Rankiteo Explanation :
Attack with significant impact with customers data leaks

Description: A data breach at Episource, a medical billing company, exposed the personal and health information of over 5.4 million people. The breach, discovered on February 6, 2025, involved cybercriminals accessing and copying sensitive data for about 10 days. The compromised data includes names, addresses, phone numbers, email addresses, Social Security numbers, dates of birth, insurance details, Medicaid and Medicare information, and protected health information such as diagnoses, medications, test results, and medical treatment records.


Access Data Using Our API


Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=episource' -H 'apikey: YOUR_API_KEY_HERE'

Episource Cyber Security News

2025-07-14T19:07:18.000Z
Episource is notifying millions of people that their health data was stolen

The UnitedHealth-owned medical coding service was hacked earlier this year by a ransomware gang.

2025-06-19T07:00:00.000Z
Cybersecurity News: Episource Breach, Predatory Sparrow strikes again, Swiss banks data leak

Episource Breach, Predatory Sparrow strikes again, Swiss banks data leak, Feds seize crypto funds linked to investment scams.

2025-06-19T07:00:00.000Z
UnitedHealth subsidiary exposes 5.5M patient records to hackers

Health IT company Episource confirmed a ransomware attack of its network exposed data from payer and provider customers alike, with details ...

2025-06-20T07:00:00.000Z
Data breach at healthcare services firm Episource affects 5.4M

A data breach at healthcare services firm Episource exposed information from 5.4 million people, according to a report submitted earlier this ...

2025-06-20T07:00:00.000Z
Episource data breach affects 5.4M individuals

Learn about a multi-million-record data breach at IT vendor Episource, which provides risk adjustment and coding services to health plans ...

2025-06-18T16:52:11.000Z
More than 5 million affected by data breach at healthcare tech firm Episource

A tech firm providing services to the healthcare industry said hackers stole information on millions of people in an incident discovered in early February.

2025-06-28T07:00:00.000Z
5.4 million patient records exposed in healthcare data breach

Episource, a big name in healthcare data analytics and coding services, has confirmed a major cybersecurity incident (via Bleeping Computer).

2025-06-19T07:00:00.000Z
Healthcare data breach impacts over five million Americans

American medical coding and risk assessment firm Episource confirmed it was hit with a data breach earlier this year.

2025-06-10T07:00:00.000Z
Episource Data Breach Investigation

In early February 2025, Episource discovered unusual activity in its computer systems. An investigation determined that a cybercriminal had ...


Episource Similar Companies

Tech Mahindra

Tech Mahindra offers technology consulting and digital solutions to global enterprises across industries, enabling transformative scale at unparalleled speed. With 150,000+ professionals across 90+ countries helping 1100+ clients, TechM provides a full spectrum of services including consulting, info

Serco

We bring together the right people, the right technology and the right partners to create innovative solutions that make positive impact and address some of the most urgent and complex challenges facing the modern world. With a focus on serving governments globally, Serco's services span justice,

Persistent Systems

We are an AI-led, platform-driven Digital Engineering and Enterprise Modernization partner, combining deep technical expertise and industry expertise to help our clients anticipate what's next. Our offerings and proven solutions create a unique competitive advantage for our clients by giving them th

Ingram Micro

Ingram Micro is a leading technology company for the global information technology ecosystem. With the ability to reach nearly 90% of the global population, we play a vital role in the worldwide IT sales channel, bringing products and services from technology manufacturers and cloud providers to a h

Tietoevry

In a rapidly changing world, technology is everything. It's in the fabric of society. In every part of every business. At the very heart of human evolution. It's a great power that comes with great responsibility. At Tietoevry, we believe it's time to shift perspective. It's not about what technolo

Accenture Brasil

Accenture is a leading global professional services company that helps large companies, governments and other organizations build their digital essence, optimize their operations, accelerate revenue growth and improve citizen services, creating tangible value with


Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

Episource CyberSecurity History Information

How many cyber incidents has Episource faced?

Total Incidents: According to Rankiteo, Episource has faced 3 incidents in the past.

What types of cybersecurity incidents have occurred at Episource?

Incident Types: The types of cybersecurity incidents that have occurred are Breach and Ransomware.

How does Episource detect and respond to cybersecurity incidents?

Detection and Response: The company detects and responds to cybersecurity incidents through: law enforcement notified (True); containment measures (Temporarily shut down systems); recovery measures (Offering free identity protection and credit monitoring); third-party assistance (IDX for credit monitoring and identity theft protection); communication strategy (Notifications to victims).

Incident Details

Can you provide details on each incident?

Incident : Data Breach

Title: Data Breach at Episource

Description: A data breach at medical billing company Episource has exposed the personal and health information of more than 5.4 million people across the US.

Date Detected: 2025-02-06

Type: Data Breach

Attack Vector: Ransomware

Motivation: Access to massive amounts of PHI

Incident : Data Theft

Title: Former US Army Sergeant Attempts to Sell Classified Data to China

Description: Joseph Daniel Schmidt, a former US Army sergeant, has pled guilty to attempting to sell classified data to China. He used his top secret clearance to steal classified data and later contacted the Chinese government while abroad. His amateurish tradecraft involved using personal email addresses and searching for topics related to espionage on Google.

Type: Data Theft

Attack Vector: Insider Threat

Threat Actor: Joseph Daniel Schmidt

Motivation: Financial Gain

Incident : Data Breach, Ransomware Attack

Title: Episource Data Breach

Description: Medical software company Episource experienced a data breach in January 2025 that compromised medical records and health insurance information. The breach was a result of a ransomware attack and affected Sharp Healthcare, an Episource client in California.

Date Detected: 2025-01-27

Type: Data Breach, Ransomware Attack

What are the most common types of attacks the company has faced?

Common Attack Types: The most common type of attack the company has faced is Ransomware.

Impact of the Incidents

What was the impact of each incident?

Incident : Data Breach EPI415071725

Data Compromised: Full name, Phone number, Email and physical address, Date of birth, Social Security number, Health insurance details, Medical data, Medicaid and Medicare identification numbers

Identity Theft Risk: True

Incident : Data Theft EPI300062325

Data Compromised: Classified Data

Legal Liabilities: Up to a decade behind bars and a $250,000 fine

Incident : Data Breach, Ransomware Attack EPI601061425

Data Compromised: Health data, Health insurance data, Contact info

What types of data are most commonly compromised in incidents?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Full name, Phone number, Email and physical address, Date of birth, Social Security number, Health insurance details, Medical data, Medicaid and Medicare identification numbers, Classified Data, Medical record numbers, Doctors, Diagnoses, Medications, Test results, Images, Care, Treatments, Health insurance plans and policies, Insurance companies, Member and group ID numbers, Medicaid-Medicare government payor ID numbers, Names, Addresses, Dates of birth, Phone numbers and Email addresses.

Which entities were affected by each incident?

Incident : Data Breach EPI415071725

Entity Type: Medical Billing Company

Industry: Healthcare

Location: US

Customers Affected: 5.4 million

Incident : Data Theft EPI300062325

Entity Type: Military

Industry: Defense

Location: United States

Incident : Data Breach, Ransomware Attack EPI601061425

Entity Type: Healthcare Provider

Industry: Healthcare

Location: California

Customers Affected: 24259

Incident : Data Breach, Ransomware Attack EPI601061425

Entity Type: Medical Software Company

Industry: Healthcare

Location: India, Los Angeles

Response to the Incidents

What measures were taken in response to each incident?

Incident : Data Breach EPI415071725

Law Enforcement Notified: True

Containment Measures: Temporarily shut down systems

Recovery Measures: Offering free identity protection and credit monitoring

Incident : Data Breach, Ransomware Attack EPI601061425

Third Party Assistance: IDX for credit monitoring and identity theft protection

Communication Strategy: Notifications to victims

How does the company involve third-party assistance in incident response?

Third-Party Assistance: The company involves third-party assistance in incident response through IDX for credit monitoring and identity theft protection.

Data Breach Information

What type of data was compromised in each breach?

Incident : Data Breach EPI415071725

Type of Data Compromised: Full name, Phone number, Email and physical address, Date of birth, Social Security number, Health insurance details, Medical data, Medicaid and Medicare identification numbers

Number of Records Exposed: 5.4 million

Sensitivity of Data: High

Data Exfiltration: True

Personally Identifiable Information: True

Incident : Data Theft EPI300062325

Type of Data Compromised: Classified Data

Sensitivity of Data: High

Incident : Data Breach, Ransomware Attack EPI601061425

Type of Data Compromised: Medical record numbers, Doctors, Diagnoses, Medications, Test results, Images, Care, Treatments, Health insurance plans and policies, Insurance companies, Member and group ID numbers, Medicaid-Medicare government payor ID numbers, Names, Addresses, Dates of birth, Phone numbers, Email addresses

Sensitivity of Data: High

Data Exfiltration: True

Personally Identifiable Information: True

How does the company handle incidents involving personally identifiable information (PII)?

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) by temporarily shutting down systems.

Ransomware Information

Was ransomware involved in any of the incidents?

Incident : Data Breach EPI415071725

Data Exfiltration: True

Incident : Data Breach, Ransomware Attack EPI601061425

Data Exfiltration: True

How does the company recover data encrypted by ransomware?

Data Recovery from Ransomware: The company recovers data encrypted by ransomware through offering free identity protection and credit monitoring.

Regulatory Compliance

Were there any regulatory violations and fines imposed for each incident?

Incident : Data Breach, Ransomware Attack EPI601061425

Regulatory Notifications: Texas Attorney General

Lessons Learned and Recommendations

What recommendations were made to prevent future incidents?

Incident : Data Breach EPI415071725

Recommendations: Prevent unauthorized lateral movement within the network, Implement a privileged remote access strategy

What recommendations has the company implemented to improve cybersecurity?

Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Prevent unauthorized lateral movement within the network, Implement a privileged remote access strategy.

References

Where can I find more information about each incident?

Incident : Data Breach EPI415071725

Source: Cyber Incident Description

Incident : Data Breach, Ransomware Attack EPI601061425

Source: Comparitech

Where can stakeholders find additional resources on cybersecurity best practices?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at the following sources: Cyber Incident Description and Comparitech.

Investigation Status

How does the company communicate the status of incident investigations to stakeholders?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through notifications to victims.

Stakeholder and Customer Advisories

Were there any advisories issued to stakeholders or customers for each incident?

Incident : Data Breach, Ransomware Attack EPI601061425

Customer Advisories: Notifications to victims

What advisories does the company provide to stakeholders and customers following an incident?

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: Notifications to victims.

Initial Access Broker

How did the initial access broker gain entry for each incident?

Incident : Data Breach EPI415071725

Reconnaissance Period: 10 days

Post-Incident Analysis

What is the company's process for conducting post-incident analysis?

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as IDX for credit monitoring and identity theft protection.

Additional Questions

General Information

Who was the attacking group in the last incident?

Last Attacking Group: The attacking group in the last incident was Joseph Daniel Schmidt.

Incident Details

What was the most recent incident detected?

Most Recent Incident Detected: The most recent incident detected was on 2025-02-06.

Impact of the Incidents

What was the most significant data compromised in an incident?

Most Significant Data Compromised: The most significant data compromised in an incident were Full name, Phone number, Email and physical address, Date of birth, Social Security number, Health insurance details, Medical data, Medicaid and Medicare identification numbers, Classified Data, Health data, Health insurance data and Contact info.

Response to the Incidents

What third-party assistance was involved in the most recent incident?

Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was IDX for credit monitoring and identity theft protection.

What containment measures were taken in the most recent incident?

Containment Measures in Most Recent Incident: The containment measure taken in the most recent incident was: Temporarily shut down systems.

Data Breach Information

What was the most sensitive data compromised in a breach?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Full name, Phone number, Email and physical address, Date of birth, Social Security number, Health insurance details, Medical data, Medicaid and Medicare identification numbers, Classified Data, Health data, Health insurance data and Contact info.

What was the number of records exposed in the most significant breach?

Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 5.4M.

Lessons Learned and Recommendations

What was the most significant recommendation implemented to improve cybersecurity?

Most Significant Recommendation Implemented: The most significant recommendations implemented to improve cybersecurity were: Prevent unauthorized lateral movement within the network, Implement a privileged remote access strategy.

References

What is the most recent source of information about an incident?

Most Recent Source: The most recent sources of information about an incident are Cyber Incident Description and Comparitech.

Stakeholder and Customer Advisories

What was the most recent customer advisory issued?

Most Recent Customer Advisory: The most recent customer advisory issued was Notifications to victims.

Initial Access Broker

What was the most recent reconnaissance period for an incident?

Most Recent Reconnaissance Period: The most recent reconnaissance period for an incident was 10 days.

What Do We Measure?

Incident
Finding
Grade
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.