
Episource Company Cyber Security Posture
episource.com
Episource is a leading provider of risk adjustment services, software, and solutions for health plans and provider groups. As an integrated platform, Episource empowers Commercial, Medicare, and Medicaid payers and providers with end-to-end risk adjustment solutions, including risk adjustment analytics, medical record retrieval, medical chart coding, and encounter submissions. We are reinventing how healthcare organizations manage their member populations in an ever-changing landscape, and this is no easy task. We pursue people who take pride in their work and hold themselves to high standards to achieve it. Craft your career and grow with us at episource.com/pages/about
Episource Company Details
episource
3285 employees
101612.0
541
IT Services and IT Consulting
episource.com
Scan still pending
EPI_2576294
In-progress

Between 900 and 1000
This score is AI-generated and less favored by cyber insurers, who prefer the TPRM score.


Episource Company Scoring based on AI Models
Model Name | Date | Description | Current Score Difference | Score |
---|---|---|---|---|
AVERAGE-Industry | 03-12-2025 | This score represents the average cybersecurity rating of companies already scanned within the same industry. It provides a benchmark to compare an individual company's security posture against its industry peers. | N/A | Between 900 and 1000 |
Episource Company Cyber Security News & History
Entity | Type | Severity | Impact | Seen | Url ID | Details | View |
---|---|---|---|---|---|---|---|
Episource | Breach | 85 | 4 | 6/2025 | EPI300062325 | Link | |
Episource | Ransomware | 100 | | 6/2025 | EPI601061425 | Link | |
Episource | Ransomware | 100 | 4 | 7/2025 | EPI415071725 | Link | |

EPI300062325
Rankiteo Explanation: Attack with significant impact with customers data leaks
Description: Unknown miscreants have stolen data describing around 5.4 million customers of healthcare technology firm Episource. The company, which offers a range of tech services in the healthcare sector, admitted to having records stolen in a breach notification letter published last week. Episource said that the incident took place sometime between January 27 and February 6 of this year, though it didn't specify exactly how 'a cybercriminal was able to see and take copies of some data in our computer system.' Whoever made off with the data accessed victims' Social Security numbers, dates of birth, plus health care data including diagnoses, prescriptions, medical images, and treatment plans. The attackers also stole health insurance data.

EPI601061425
Rankiteo Explanation: Attack threatening the organization's existence
Description: Episource, a medical software company, suffered a data breach in January 2025 that compromised medical records and health insurance information. The breach, resulting from a ransomware attack, affected personal information including health data, health insurance data, and contact information. Sharp Healthcare, a client of Episource, also notified patients of the breach. The Texas Attorney General reported 24,259 people were notified of the breach in Texas alone, indicating a significant impact on customers' data.

EPI415071725
Rankiteo Explanation: Attack with significant impact with customers data leaks
Description: A data breach at Episource, a medical billing company, exposed the personal and health information of over 5.4 million people. The breach, discovered on February 6, 2025, involved cybercriminals accessing and copying sensitive data for about 10 days. The compromised data includes names, addresses, phone numbers, email addresses, Social Security numbers, dates of birth, insurance details, Medicaid and Medicare information, and protected health information such as diagnoses, medications, test results, and medical treatment records.
Episource Company Subsidiaries

Episource Cyber Security News
Episource is notifying millions of people that their health data was stolen
The UnitedHealth-owned medical coding service was hacked earlier this year by a ransomware gang.
Cybersecurity News: Episource Breach, Predatory Sparrow strikes again, Swiss banks data leak
Episource Breach, Predatory Sparrow strikes again, Swiss banks data leak, Feds seize crypto funds linked to investment scams.
UnitedHealth subsidiary exposes 5.5M patient records to hackers
Health IT company Episource confirmed a ransomware attack of its network exposed data from payer and provider customers alike, with details ...
Data breach at healthcare services firm Episource affects 5.4M
A data breach at healthcare services firm Episource exposed information from 5.4 million people, according to a report submitted earlier this ...
Episource data breach affects 5.4M individuals
Learn about a multi-million-record data breach at IT vendor Episource, which provides risk adjustment and coding services to health plans ...
More than 5 million affected by data breach at healthcare tech firm Episource
A tech firm providing services to the healthcare industry said hackers stole information on millions of people in an incident discovered in early February.
5.4 million patient records exposed in healthcare data breach
Episource, a big name in healthcare data analytics and coding services, has confirmed a major cybersecurity incident (via Bleeping Computer).
Healthcare data breach impacts over five million Americans
American medical coding and risk assessment firm Episource confirmed it was hit with a data breach earlier this year.
Episource Data Breach Investigation
In early February 2025, Episource discovered unusual activity in its computer systems. An investigation determined that a cybercriminal had ...

Episource Similar Companies

Tech Mahindra
Tech Mahindra offers technology consulting and digital solutions to global enterprises across industries, enabling transformative scale at unparalleled speed. With 150,000+ professionals across 90+ countries helping 1100+ clients, TechM provides a full spectrum of services including consulting, info

Serco
We bring together the right people, the right technology and the right partners to create innovative solutions that make positive impact and address some of the most urgent and complex challenges facing the modern world. With a focus on serving governments globally, Serco's services span justice,

Persistent Systems
We are an AI-led, platform-driven Digital Engineering and Enterprise Modernization partner, combining deep technical expertise and industry expertise to help our clients anticipate what's next. Our offerings and proven solutions create a unique competitive advantage for our clients by giving them th

Ingram Micro
Ingram Micro is a leading technology company for the global information technology ecosystem. With the ability to reach nearly 90% of the global population, we play a vital role in the worldwide IT sales channel, bringing products and services from technology manufacturers and cloud providers to a h

Tietoevry
In a rapidly changing world, technology is everything. It's in the fabric of society. In every part of every business. At the very heart of human evolution. It's a great power that comes with great responsibility. At Tietoevry, we believe it's time to shift perspective. It's not about what technolo

Accenture Brasil
Accenture is a leading global professional services company that helps large companies, governments and other organizations build their digital core, optimize their operations, accelerate revenue growth and enhance citizen services, creating tangible value with

Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Episource CyberSecurity History Information
How many cyber incidents has Episource faced?
Total Incidents: According to Rankiteo, Episource has faced 3 incidents in the past.
What types of cybersecurity incidents have occurred at Episource?
Incident Types: The types of cybersecurity incidents that have occurred are Breach and Ransomware.
How does Episource detect and respond to cybersecurity incidents?
Detection and Response: The company detects and responds to cybersecurity incidents through the following: law enforcement notified (True); containment measures (Temporarily shut down systems); recovery measures (Offering free identity protection and credit monitoring); third-party assistance (IDX for credit monitoring and identity theft protection); and communication strategy (Notifications to victims).
Incident Details
Can you provide details on each incident?

Incident : Data Breach
Title: Data Breach at Episource
Description: A data breach at medical billing company Episource has exposed the personal and health information of more than 5.4 million people across the US.
Date Detected: 2025-02-06
Type: Data Breach
Attack Vector: Ransomware
Motivation: Access to massive amounts of PHI

Incident : Data Theft
Title: Former US Army Sergeant Attempts to Sell Classified Data to China
Description: Joseph Daniel Schmidt, a former US Army sergeant, has pled guilty to attempting to sell classified data to China. He used his top secret clearance to steal classified data and later contacted the Chinese government while abroad. His amateurish tradecraft involved using personal email addresses and searching for topics related to espionage on Google.
Type: Data Theft
Attack Vector: Insider Threat
Threat Actor: Joseph Daniel Schmidt
Motivation: Financial Gain

Incident : Data Breach, Ransomware Attack
Title: Episource Data Breach
Description: Medical software company Episource experienced a data breach in January 2025 that compromised medical records and health insurance information. The breach was a result of a ransomware attack and affected Sharp Healthcare, an Episource client in California.
Date Detected: 2025-01-27
Type: Data Breach, Ransomware Attack
What are the most common types of attacks the company has faced?
Common Attack Types: The most common type of attack the company has faced is Ransomware.
Impact of the Incidents
What was the impact of each incident?

Incident : Data Breach EPI415071725
Data Compromised: Full name, Phone number, Email and physical address, Date of birth, Social Security number, Health insurance details, Medical data, Medicaid and Medicare identification numbers
Identity Theft Risk: True

Incident : Data Theft EPI300062325
Data Compromised: Classified Data
Legal Liabilities: Up to a decade behind bars and a $250,000 fine

Incident : Data Breach, Ransomware Attack EPI601061425
Data Compromised: Health data, Health insurance data, Contact info
What types of data are most commonly compromised in incidents?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Full name, Phone number, Email and physical address, Date of birth, Social Security number, Health insurance details, Medical data, Medicaid and Medicare identification numbers, Classified Data, Medical record numbers, Doctors, Diagnoses, Medications, Test results, Images, Care, Treatments, Health insurance plans and policies, Insurance companies, Member and group ID numbers, Medicaid-Medicare government payor ID numbers, Names, Addresses, Dates of birth, Phone numbers and Email addresses.
Which entities were affected by each incident?

Incident : Data Breach EPI415071725
Entity Type: Medical Billing Company
Industry: Healthcare
Location: US
Customers Affected: 5.4 million

Incident : Data Breach, Ransomware Attack EPI601061425
Entity Type: Healthcare Provider
Industry: Healthcare
Location: California
Customers Affected: 24259

Incident : Data Breach, Ransomware Attack EPI601061425
Entity Type: Medical Software Company
Industry: Healthcare
Location: India, Los Angeles
Response to the Incidents
What measures were taken in response to each incident?

Incident : Data Breach EPI415071725
Law Enforcement Notified: True
Containment Measures: Temporarily shut down systems
Recovery Measures: Offering free identity protection and credit monitoring

Incident : Data Breach, Ransomware Attack EPI601061425
Third Party Assistance: IDX for credit monitoring and identity theft protection
Communication Strategy: Notifications to victims
How does the company involve third-party assistance in incident response?
Third-Party Assistance: The company involves third-party assistance in incident response through IDX for credit monitoring and identity theft protection.
Data Breach Information
What type of data was compromised in each breach?

Incident : Data Breach EPI415071725
Type of Data Compromised: Full name, Phone number, Email and physical address, Date of birth, Social Security number, Health insurance details, Medical data, Medicaid and Medicare identification numbers
Number of Records Exposed: 5.4 million
Sensitivity of Data: High
Data Exfiltration: True
Personally Identifiable Information: True

Incident : Data Theft EPI300062325
Type of Data Compromised: Classified Data
Sensitivity of Data: High

Incident : Data Breach, Ransomware Attack EPI601061425
Type of Data Compromised: Medical record numbers, Doctors, Diagnoses, Medications, Test results, Images, Care, Treatments, Health insurance plans and policies, Insurance companies, Member and group ID numbers, Medicaid-Medicare government payor ID numbers, Names, Addresses, Dates of birth, Phone numbers, Email addresses
Sensitivity of Data: High
Data Exfiltration: True
Personally Identifiable Information: True
How does the company handle incidents involving personally identifiable information (PII)?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through the following measure: Temporarily shut down systems.
Ransomware Information
Was ransomware involved in any of the incidents?

Incident : Data Breach EPI415071725
Data Exfiltration: True

Incident : Data Breach, Ransomware Attack EPI601061425
Data Exfiltration: True
How does the company recover data encrypted by ransomware?
Data Recovery from Ransomware: The company recovers data encrypted by ransomware through Offering free identity protection and credit monitoring.
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident?

Incident : Data Breach, Ransomware Attack EPI601061425
Regulatory Notifications: Texas Attorney General
Lessons Learned and Recommendations
What recommendations were made to prevent future incidents?

Incident : Data Breach EPI415071725
Recommendations: Prevent unauthorized lateral movement within the network, Implement a privileged remote access strategy
What recommendations has the company implemented to improve cybersecurity?
Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Prevent unauthorized lateral movement within the network, Implement a privileged remote access strategy.
References
Where can I find more information about each incident?

Incident : Data Breach EPI415071725
Source: Cyber Incident Description

Incident : Data Breach, Ransomware Attack EPI601061425
Source: Comparitech
Where can stakeholders find additional resources on cybersecurity best practices?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at Source: Cyber Incident Description, and Source: Comparitech.
Investigation Status
How does the company communicate the status of incident investigations to stakeholders?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Notifications to victims.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident?

Incident : Data Breach, Ransomware Attack EPI601061425
Customer Advisories: Notifications to victims
What advisories does the company provide to stakeholders and customers following an incident?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: Notifications to victims.
Initial Access Broker
How did the initial access broker gain entry for each incident?

Incident : Data Breach EPI415071725
Reconnaissance Period: 10 days
Post-Incident Analysis
What is the company's process for conducting post-incident analysis?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as IDX for credit monitoring and identity theft protection.
Additional Questions
General Information
Who was the attacking group in the last incident?
Last Attacking Group: The attacking group in the last incident was Joseph Daniel Schmidt.
Incident Details
What was the most recent incident detected?
Most Recent Incident Detected: The most recent incident detected was on 2025-02-06.
Impact of the Incidents
What was the most significant data compromised in an incident?
Most Significant Data Compromised: The most significant data compromised in an incident were Full name, Phone number, Email and physical address, Date of birth, Social Security number, Health insurance details, Medical data, Medicaid and Medicare identification numbers, Classified Data, Health data, Health insurance data and Contact info.
Response to the Incidents
What third-party assistance was involved in the most recent incident?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was IDX for credit monitoring and identity theft protection.
What containment measures were taken in the most recent incident?
Containment Measures in Most Recent Incident: The containment measure taken in the most recent incident was Temporarily shut down systems.
Data Breach Information
What was the most sensitive data compromised in a breach?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Full name, Phone number, Email and physical address, Date of birth, Social Security number, Health insurance details, Medical data, Medicaid and Medicare identification numbers, Classified Data, Health data, Health insurance data and Contact info.
What was the number of records exposed in the most significant breach?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 5.4M.
Lessons Learned and Recommendations
What was the most significant recommendation implemented to improve cybersecurity?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Prevent unauthorized lateral movement within the network, Implement a privileged remote access strategy.
References
What is the most recent source of information about an incident?
Most Recent Source: The most recent sources of information about an incident are Cyber Incident Description and Comparitech.
Stakeholder and Customer Advisories
What was the most recent customer advisory issued?
Most Recent Customer Advisory: The most recent customer advisory issued was Notifications to victims.
Initial Access Broker
What was the most recent reconnaissance period for an incident?
Most Recent Reconnaissance Period: The most recent reconnaissance period for an incident was 10 days.
What Do We Measure?
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
