Episource is now a part of Optum. To stay up-to-date with news please connect with us at Optum.com.

Episource A.I CyberSecurity Scoring

Episource

Company Details

LinkedIn ID: episource
Employees number: 3,079
Number of followers: 102,588
NAICS: 5415
Industry Type: IT Services and IT Consulting
Homepage: episource.com
IP Addresses: 0
Company ID: EPI_2576294
Scan Status: In-progress

Episource Risk Score (AI oriented)

Between 0 and 549

  • Powered by our proprietary A.I cyber incident model
  • Insurance prefers TPRM score to calculate premium

Episource Global Score (TPRM)

XXXX

  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

Episource Company CyberSecurity News & History

Past Incidents: 3
Attack Types: 2

Episource LLC: Episource Data Breach Class Action Gets Significantly Narrowed
Breach
Severity: 85
Impact: 4
Seen: 1/2026
Supply Chain Source: NA
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: Episource Data Breach Class Action Narrowed After Court Dismissals. A federal court in California has significantly reduced the scope of a class action lawsuit tied to a health data breach involving Episource LLC, a healthcare risk adjustment services firm. U.S. District Judge Stanley Blumenfeld Jr. dismissed most of the 23 named plaintiffs representing over 5.4 million affected individuals, citing lack of subject matter and personal jurisdiction. The ruling leaves only four plaintiffs remaining in the case, as the court determined that the majority failed to establish sufficient legal grounds for their claims against Episource and several associated healthcare providers. The breach, which exposed sensitive health data, had prompted the class action seeking damages for affected individuals. The decision underscores the legal challenges in pursuing large-scale data breach litigation, particularly when jurisdiction and standing are contested. The case remains active for the remaining plaintiffs, though its scope has been substantially narrowed.

Episource
Ransomware
Severity: 100
Impact: 4
Seen: 2/2025
Supply Chain Source: NA
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: A data breach at Episource, a medical billing company, exposed the personal and health information of over 5.4 million people. The breach, discovered on February 6, 2025, involved cybercriminals accessing and copying sensitive data for about 10 days. The compromised data includes names, addresses, phone numbers, email addresses, Social Security numbers, dates of birth, insurance details, Medicaid and Medicare information, and protected health information such as diagnoses, medications, test results, and medical treatment records.

Episource
Ransomware
Severity: 100
Impact:
Seen: 1/2025
Supply Chain Source: NA
Rankiteo Explanation
Attack threatening the organization’s existence

Description: Episource, a medical software company, suffered a data breach in January 2025 that compromised medical records and health insurance information. The breach, resulting from a ransomware attack, affected personal information including health data, health insurance data, and contact information. Sharp Healthcare, a client of Episource, also notified patients of the breach. The Texas Attorney General reported 24,259 people were notified of the breach in Texas alone, indicating a significant impact on customers' data.

Underwriter Stats for Episource

Incidents vs IT Services and IT Consulting Industry Average (This Year)

Episource has 55.95% fewer incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

Episource has 27.54% fewer incidents than the average of all companies with at least one recorded incident.

Incident Types Episource vs IT Services and IT Consulting Industry Avg (This Year)

Episource reported 1 incident this year: 0 cyber attacks, 0 ransomware, 0 vulnerabilities, 1 data breach, compared to industry peers with at least 1 incident.

Incident History — Episource (X = Date, Y = Severity)

Episource cyber incidents detection timeline including parent company and subsidiaries

Episource Similar Companies

HCLTech

HCLTech is a global technology company, home to more than 226,300 people across 60 countries, delivering industry-leading capabilities centered around AI, digital, engineering, cloud and software, powered by a broad portfolio of technology services and products. We work with clients across all major

Verizon

We get you. You want more out of a career. A place to share your ideas freely — even if they’re daring or different. Where the true you can learn, grow, and thrive. You’ll find all that here. Because we empower you. We power and empower how people live, work and play by connecting them to what bri

ASGN Incorporated

ASGN Incorporated (NYSE: ASGN) is a leading provider of IT services and solutions across the commercial and government sectors. ASGN helps corporate enterprises and government organizations develop, implement and operate critical IT and business solutions through its integrated offerings. For more i

TransUnion

TransUnion is a global information and insights company that makes trust possible in the modern economy. We do this by providing an actionable picture of each person so they can be reliably represented in the marketplace. As a result, businesses and consumers can transact with confidence and achiev

Akkodis

Akkodis is a global digital engineering company and Smart Industry leader. We enable clients to advance in their digital transformation with Talent, Academy, Consulting, and Solutions services. Our 50,000 experts combine best-in-class technologies, R&D, and deep sector know-how for purposeful innova

Neobpo

We specialize in integrating technology with human intelligence, offering digital solutions that drive transformation and operational efficiency. Our focus is on generating value through real results, using digital intelligence to meet each client's specific needs. Merg

VOIS (Vodafone Intelligent Solutions) is a strategic arm of Vodafone Group Plc, creating value for customers by delivering intelligent solutions through Talent, Technology & Transformation. As the largest shared services organisation in the global telco industry, our portfolio of next-generation s

AlmavivA Experience

A leader in digital transformation in the Customer Experience and Debt Collection markets in Latin America. We combine technology, intelligence, and operational excellence to deliver complete solutions that anticipate our Clients' needs. More than 530 million interactions per year, met

Wipro

Wipro Limited (NYSE: WIT, BSE: 507685, NSE: WIPRO) is a leading AI-powered technology services and consulting company focused on building innovative solutions that address clients’ most complex digital transformation needs. Leveraging our consulting-led approach and the Wipro Intelligence™ unified s

Episource CyberSecurity News

August 08, 2025 07:00 AM
Senators Demand Answers from UnitedHealth After Second Massive Data Breach in a Year

Two U.S. senators have written to UnitedHealth Group (UHG) CEO Stephen J. Hemsley demanding answers about cybersecurity and the response to...

August 06, 2025 07:00 AM
Senators criticize UnitedHealth Group's cybersecurity after Episource breach

Episource is an Optum subsidiary that provides medical coding and risk adjustment services to health systems and payers. The firm shut down its...

August 06, 2025 07:00 AM
UnitedHealth response to Episource breach sought by senators

UnitedHealth Group has been urged by Sens. Bill Cassidy, R-La., and Maggie Hassan, D-N.H., to provide more details regarding the January...

July 16, 2025 07:00 AM
Over 5.4 Million Affected in Healthcare Data Breach at Episource

A data breach at Episource has exposed the personal information of 5.4 million individuals after attackers accessed systems for 10 days.

July 16, 2025 07:00 AM
UnitedHealth-Linked Health Tech Firm Episource Breach Hits 5.4M Patients

Episource breach exposed data of 5.4M patients across the US. Linked to UnitedHealth's Optum, the health tech firm was hit by a ransomware attack in early 2025.

July 16, 2025 07:00 AM
Major breach at medical billing giant sees data on 5.4 million users stolen - here's what we know

American healthcare data giant Episource has begun notifying its customers about a February 2025 data breach in which their sensitive information was stolen.

July 14, 2025 07:00 AM
Episource is notifying millions of people that their health data was stolen

The UnitedHealth-owned medical coding service was hacked earlier this year by a ransomware gang.

July 14, 2025 07:00 AM
These are the biggest health data breaches in the first half of 2025

Some breaches affected millions of Americans. Hospital systems and other companies with health records experienced cyberattacks and other...

June 30, 2025 07:00 AM
Data breach at healthcare services firm Episource affects 5.4M

An investigation found a cybercriminal had accessed and stolen some of its data this winter, Episource said in a breach notification.

Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

Episource CyberSecurity History Information

Official Website of Episource

The official website of Episource is https://www.episource.com/.

Episource’s AI-Generated Cybersecurity Score

According to Rankiteo, Episource’s AI-generated cybersecurity score is 437, reflecting their Critical security posture.

How many security badges does Episource have ?

According to Rankiteo, Episource currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Has Episource been affected by any supply chain cyber incidents ?

According to Rankiteo, Episource has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.

Does Episource have SOC 2 Type 1 certification ?

According to Rankiteo, Episource is not certified under SOC 2 Type 1.

Does Episource have SOC 2 Type 2 certification ?

According to Rankiteo, Episource does not hold a SOC 2 Type 2 certification.

Does Episource comply with GDPR ?

According to Rankiteo, Episource is not listed as GDPR compliant.

Does Episource have PCI DSS certification ?

According to Rankiteo, Episource does not currently maintain PCI DSS compliance.

Does Episource comply with HIPAA ?

According to Rankiteo, Episource is not compliant with HIPAA regulations.

Does Episource have ISO 27001 certification ?

According to Rankiteo, Episource is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of Episource

Episource operates primarily in the IT Services and IT Consulting industry.

Number of Employees at Episource

Episource employs approximately 3,079 people worldwide.

Subsidiaries Owned by Episource

Episource presently has no subsidiaries across any sectors.

Episource’s LinkedIn Followers

Episource’s official LinkedIn profile has approximately 102,588 followers.

NAICS Classification of Episource

Episource is classified under the NAICS code 5415, which corresponds to Computer Systems Design and Related Services.

Episource’s Presence on Crunchbase

No, Episource does not have a profile on Crunchbase.

Episource’s Presence on LinkedIn

Yes, Episource maintains an official LinkedIn profile, actively used for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/episource.

Cybersecurity Incidents Involving Episource

As of January 23, 2026, Rankiteo reports that Episource has experienced 3 cybersecurity incidents.

Number of Peer and Competitor Companies

Episource has an estimated 38,499 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at Episource ?

Incident Types: The types of cybersecurity incidents that have occurred include Ransomware and Breach.

How does Episource detect and respond to cybersecurity incidents ?

Detection and Response: The company detects and responds to cybersecurity incidents through third-party assistance from IDX for credit monitoring and identity theft protection, a communication strategy of notifications to victims, containment measures of temporarily shutting down systems, and recovery measures of offering free identity protection and credit monitoring.

Incident Details

Can you provide details on each incident ?

Incident : Data Breach, Ransomware Attack

Title: Episource Data Breach

Description: Medical software company Episource experienced a data breach in January 2025 that compromised medical records and health insurance information. The breach was a result of a ransomware attack and affected Sharp Healthcare, an Episource client in California.

Date Detected: 2025-01-27

Type: Data Breach, Ransomware Attack

Incident : Data Breach

Title: Data Breach at Episource

Description: A data breach at medical billing company Episource has exposed the personal and health information of more than 5.4 million people across the US.

Date Detected: 2025-02-06

Type: Data Breach

Attack Vector: Ransomware

Motivation: Access to massive amounts of PHI

Incident : Data Breach

Title: Episource Data Breach Class Action Narrowed After Court Dismissals

Description: A federal court in California has significantly reduced the scope of a class action lawsuit tied to a health data breach involving Episource LLC, a healthcare risk adjustment services firm. The ruling dismissed most of the 23 named plaintiffs representing over 5.4 million affected individuals, leaving only four plaintiffs remaining due to lack of jurisdiction and standing. The breach exposed sensitive health data, prompting the class action seeking damages.

Type: Data Breach

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common type of attack the company has faced is Ransomware.

Impact of the Incidents

What was the impact of each incident ?

Incident : Data Breach, Ransomware Attack EPI601061425

Data Compromised: Health data, Health insurance data, Contact info

Incident : Data Breach EPI415071725

Data Compromised: Full name, Phone number, Email and physical address, Date of birth, Social security number, Health insurance details, Medical data, Medicaid and medicare identification numbers

Identity Theft Risk: True

Incident : Data Breach EPI1769117944

Data Compromised: Sensitive health data

Legal Liabilities: Class action lawsuit seeking damages

What types of data are most commonly compromised in incidents ?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Medical Record Numbers, Doctors, Diagnoses, Medications, Test Results, Images, Care, Treatments, Health Insurance Plans And Policies, Insurance Companies, Member And Group Id Numbers, Medicaid-Medicare Government Payor Id Numbers, Names, Addresses, Dates Of Birth, Phone Numbers, Email Addresses, Full Name, Phone Number, Email And Physical Address, Date Of Birth, Social Security Number, Health Insurance Details, Medical Data, Medicaid And Medicare Identification Numbers, and Sensitive health data.

Which entities were affected by each incident ?

Incident : Data Breach, Ransomware Attack EPI601061425

Entity Name: Sharp Healthcare

Entity Type: Healthcare Provider

Industry: Healthcare

Location: California

Customers Affected: 24259

Incident : Data Breach, Ransomware Attack EPI601061425

Entity Name: Episource

Entity Type: Medical Software Company

Industry: Healthcare

Location: India, Los Angeles

Incident : Data Breach EPI415071725

Entity Name: Episource

Entity Type: Medical Billing Company

Industry: Healthcare

Location: US

Customers Affected: 5.4 million

Incident : Data Breach EPI1769117944

Entity Name: Episource LLC

Entity Type: Healthcare risk adjustment services firm

Industry: Healthcare

Location: California, USA

Customers Affected: 5.4 million individuals

Response to the Incidents

What measures were taken in response to each incident ?

Incident : Data Breach, Ransomware Attack EPI601061425

Third Party Assistance: IDX for credit monitoring and identity theft protection

Communication Strategy: Notifications to victims

Incident : Data Breach EPI415071725

Containment Measures: Temporarily shut down systems

Recovery Measures: Offering free identity protection and credit monitoring

How does the company involve third-party assistance in incident response ?

Third-Party Assistance: The company involves third-party assistance in incident response through IDX for credit monitoring and identity theft protection.

Data Breach Information

What type of data was compromised in each breach ?

Incident : Data Breach, Ransomware Attack EPI601061425

Type of Data Compromised: Medical record numbers, Doctors, Diagnoses, Medications, Test results, Images, Care, Treatments, Health insurance plans and policies, Insurance companies, Member and group id numbers, Medicaid-medicare government payor id numbers, Names, Addresses, Dates of birth, Phone numbers, Email addresses

Sensitivity of Data: High

Incident : Data Breach EPI415071725

Type of Data Compromised: Full name, Phone number, Email and physical address, Date of birth, Social security number, Health insurance details, Medical data, Medicaid and medicare identification numbers

Number of Records Exposed: 5.4 million

Sensitivity of Data: High

Incident : Data Breach EPI1769117944

Type of Data Compromised: Sensitive health data

Number of Records Exposed: 5.4 million

Sensitivity of Data: High

Personally Identifiable Information: Yes

How does the company handle incidents involving personally identifiable information (PII) ?

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) by temporarily shutting down systems.

Ransomware Information

Was ransomware involved in any of the incidents ?

Incident : Data Breach, Ransomware Attack EPI601061425

Data Exfiltration: True

Incident : Data Breach EPI415071725

Data Exfiltration: True

How does the company recover data encrypted by ransomware ?

Data Recovery from Ransomware: The company recovers data encrypted by ransomware through offering free identity protection and credit monitoring.

Regulatory Compliance

Were there any regulatory violations and fines imposed for each incident ?

Incident : Data Breach, Ransomware Attack EPI601061425

Regulatory Notifications: Texas Attorney General

Incident : Data Breach EPI1769117944

Legal Actions: Class action lawsuit

How does the company ensure compliance with regulatory requirements ?

Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Class action lawsuit.

Lessons Learned and Recommendations

What recommendations were made to prevent future incidents ?

Incident : Data Breach EPI415071725

Recommendations: Prevent unauthorized lateral movement within the network, Implement a privileged remote access strategy

References

Where can I find more information about each incident ?

Incident : Data Breach, Ransomware Attack EPI601061425

Source: Comparitech

Incident : Data Breach EPI415071725

Source: Cyber Incident Description

Incident : Data Breach EPI1769117944

Source: Federal court ruling

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at Comparitech, Cyber Incident Description, and Federal court ruling.

Investigation Status

What is the current status of the investigation for each incident ?

Incident : Data Breach EPI1769117944

Investigation Status: Active (narrowed scope)

How does the company communicate the status of incident investigations to stakeholders ?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Notifications to victims.

Stakeholder and Customer Advisories

Were there any advisories issued to stakeholders or customers for each incident ?

Incident : Data Breach, Ransomware Attack EPI601061425

Customer Advisories: Notifications to victims

What advisories does the company provide to stakeholders and customers following an incident ?

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: Notifications to victims.

Initial Access Broker

How did the initial access broker gain entry for each incident ?

Incident : Data Breach EPI415071725

Reconnaissance Period: 10 days

Post-Incident Analysis

What is the company's process for conducting post-incident analysis ?

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as IDX for credit monitoring and identity theft protection.

Additional Questions

Incident Details

What was the most recent incident detected ?

Most Recent Incident Detected: The most recent incident detected was on 2025-01-27.

Impact of the Incidents

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in an incident were Health data, Health insurance data, Contact info, Full name, Phone number, Email and physical address, Date of birth, Social Security number, Health insurance details, Medical data, Medicaid and Medicare identification numbers, and Sensitive health data.

Response to the Incidents

What third-party assistance was involved in the most recent incident ?

Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was IDX for credit monitoring and identity theft protection.

What containment measures were taken in the most recent incident ?

Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were: Temporarily shut down systems.

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Medical data, Phone number, Date of birth, Medicaid and Medicare identification numbers, Health insurance details, Contact info, Health insurance data, Health data, Email and physical address, Sensitive health data, Social Security number and Full name.

What was the number of records exposed in the most significant breach ?

Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 10.8M.

Regulatory Compliance

What was the most significant legal action taken for a regulatory violation ?

Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Class action lawsuit.

Lessons Learned and Recommendations

What was the most significant recommendation implemented to improve cybersecurity ?

Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Prevent unauthorized lateral movement within the network and Implement a privileged remote access strategy.

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent sources of information about an incident are Cyber Incident Description, Federal court ruling and Comparitech.

Investigation Status

What is the current status of the most recent investigation ?

Current Status of Most Recent Investigation: The current status of the most recent investigation is Active (narrowed scope).

Stakeholder and Customer Advisories

What was the most recent customer advisory issued ?

Most Recent Customer Advisory: The most recent customer advisory issued was Notifications to victims.

Initial Access Broker

What was the most recent reconnaissance period for an incident ?

Most Recent Reconnaissance Period: The most recent reconnaissance period for an incident was 10 days.

Latest Global CVEs (Not Company-Specific)

Description

Improper validation of specified type of input in M365 Copilot allows an unauthorized attacker to disclose information over a network.

Risk Information
cvss3
Base: 9.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

Description

Improper access control in Azure Front Door (AFD) allows an unauthorized attacker to elevate privileges over a network.

Risk Information
cvss3
Base: 9.8
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

Azure Entra ID Elevation of Privilege Vulnerability

Risk Information
cvss3
Base: 9.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

Description

Moonraker is a Python web server providing API access to Klipper 3D printing firmware. In versions 0.9.3 and below, instances configured with the "ldap" component enabled are vulnerable to LDAP search filter injection techniques via the login endpoint. The 401 error response message can be used to determine whether or not a search was successful, allowing for brute force methods to discover LDAP entries on the server such as user IDs and user attributes. This issue has been fixed in version 0.10.0.

Risk Information
cvss4
Base: 2.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Description

Runtipi is a Docker-based, personal homeserver orchestrator that facilitates multiple services on a single server. Versions 3.7.0 and above allow an authenticated user to execute arbitrary system commands on the host server by injecting shell metacharacters into backup filenames. The BackupManager fails to sanitize the filenames of uploaded backups. The system persists user-uploaded files directly to the host filesystem using the raw originalname provided in the request. This allows an attacker to stage a file containing shell metacharacters (e.g., $(id).tar.gz) at a predictable path, which is later referenced during the restore process. The successful storage of the file is what allows the subsequent restore command to reference and execute it. This issue has been fixed in version 4.7.0.

Risk Information
cvss3
Base: 8.0
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=episource' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure ?

Incident
Finding
Grade
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
