Medical software maker Episource data breach leaks thousands of patients’ private health info

Medical software company Episource this week began notifying victims of a January 2025 data breach that compromised medical records and health insurance info.
Sharp Healthcare, an Episource client in California, is also notifying patients of the breach. Sharp’s notice confirmed the breach resulted from a ransomware attack.
Sharp’s notice says the following personal info was compromised:
- Health data such as medical record numbers, doctors, diagnoses, medications, test results, images, care, and treatments
- Health insurance data such as plans and policies, insurance companies, member and group ID numbers, and Medicaid-Medicare government payor ID numbers
- Contact info including names, addresses, dates of birth, phone numbers, and email addresses
Episource has not disclosed how many victims it notified nationwide, but the Texas Attorney General reports 24,259 people were notified of the breach in that state alone. We will update this article as more figures become available.
“We learned that a criminal was able to see and take copies of some data in our computer systems. This happened between January 27, 2025 and February 6, 2025,” says Episource’s notice to victims.
No ransomware gang has publicly claimed responsibility for the breach as of the time of writing.
We do not know if Episource paid a ransom, how much was demanded, or how attackers breached Episource. Comparitech contacted Episource for comment and will update this article if it replies.
Episource is offering eligible victims two years of free credit monitoring and identity theft protection through IDX. The deadline to enroll is September 30, 2025.
Ransomware attacks on US healthcare
In 2025 to date, we’ve logged three confirmed ransomware attacks on US healthcare-related businesses that do not provide direct care to patients. In addition to Episource, the other two are:
- Clinical trial company Veristat notified 402 people of a February 2025 data breach claimed by Akira
- Drug maker CMIC CMO USA reported a May 2025 data breach claimed by Qilin
Attacks on these companies can have far-reaching consequences for hospitals, clinics, and other direct care providers that use them. Last year, 29 such attacks compromised nearly 193 million records. Most of these stem from an attack on healthcare payment company Change Healthcare.
Ransomware gangs in 2025 so far have made another 24 unconfirmed attack claims against healthcare-related companies that haven’t been publicly acknowledged by the targeted companies.
As for direct care providers like hospitals and clinics, Comparitech researchers have logged 27 confirmed ransomware attacks in 2025 so far, compromising more than 1.9 million records.
Ransomware attacks on healthcare providers can cripple critical systems and endanger the health, privacy, and security of patients. Targeted companies must pay a ransom or face extended downtime, data loss, and an increased risk of fraud for patients and staff. Hospitals and clinics might have to resort to pen and paper, cancel appointments, and divert patients elsewhere until systems are restored.
About Episource
Based in India with an office in Los Angeles, Episource sells risk adjustment services and software for health plans and medical groups. According to its website, it codes 24 million records annually and employs more than 8,000 full-time coders.