Well over a year after the Change Healthcare data breach, a second subsidiary of the UnitedHealth Group has suffered a data breach, exposing the data of several million users.
Episource, a company owned by UnitedHealth Group subsidiary Optum, is a provider of medical coding and risk adjustment services to health companies, doctors and more.
In a data breach notice posted online, Episource revealed that it had discovered the breach on February 6, 2025.
“We learned from our investigation that a cybercriminal was able to see and take copies of some data in our computer systems. This happened between January 27, 2025 and February 6, 2025. To date, we are not aware of any misuse of the data,” the company said.
While the notice on the site is new, Episource says it began notifying those affected on April 23, 2025, outlining what data may have been exposed.
“The data that may have been seen and taken was not the same for everyone and may have included contact information (such as name, address, phone number and email),” the company said, adding that other data may have been affected, including health insurance data such as health plans, insurance, Medicaid-Medicare-government payor ID numbers and member/group ID numbers; medical record data, doctor, diagnoses, test results, medical record numbers, images, care and treatments; and other personal data including Social Security numbers and dates of birth.
The company has warned that individuals should take care, as some financial and banking information and payment card details may have been affected, although such data was largely “not impacted”.
Following discovery of the breach, the company shut down relevant systems to isolate the incident and contacted relevant authorities. According to the US Department of Health and Human Services Office for Civil Rights breach portal, the data breach affected 5,418,866 individuals.
Currently, no threat actor has been publicly identified, nor has one taken responsibility for the incident.
Just last year, UnitedHealth subsidiary Change Healthcare suffered a disastrous ransomware attack that saw it held to ransom twice for the same breach.
The company was first hit by the ALPHV ransomware gang, to which it paid a US$22 million ransom. ALPHV then cheated its affiliate out of the money and went dark, faking that it had been taken down by law enforcement again.
Following this, the RansomHub group took over, and once again held the company to ransom, claiming it had the data. It is unclear how RansomHub obtained the data.
While unconfirmed, it could be that the affiliate, Notchy, went to RansomHub with the stolen data and used the group for negotiation purposes, seeing as they were unable to obtain ransom funds through ALPHV. This is pure speculation and is completely unverified.
Notchy’s identity has been questioned since the Change Healthcare incident, with some at the time theorising that they are a Chinese state-sponsored hacker.