Episource Data Breach Class Action Narrowed After Court Dismissals A federal court in California has significantly reduced the scope of a class action lawsuit tied to a health data breach involving Episource LLC, a healthcare risk adjustment services firm. U.S. District Judge Stanley Blumenfeld Jr. dismissed most of the 23 named plaintiffs representing over 5.4 million affected individuals citing lack of subject matter and personal jurisdiction. The ruling leaves only four plaintiffs remaining in the case, as the court determined that the majority failed to establish sufficient legal grounds for their claims against Episource and several associated healthcare providers. The breach, which exposed sensitive health data, had prompted the class action seeking damages for affected individuals. The decision underscores the legal challenges in pursuing large-scale data breach litigation, particularly when jurisdiction and standing are contested. The case remains active for the remaining plaintiffs, though its scope has been substantially narrowed.

A data breach at Episource, a medical billing company, exposed the personal and health information of over 5.4 million people. The breach, discovered on February 6, 2025, involved cybercriminals accessing and copying sensitive data for about 10 days. The compromised data includes names, addresses, phone numbers, email addresses, Social Security numbers, dates of birth, insurance details, Medicaid and Medicare information, and protected health information such as diagnoses, medications, test results, and medical treatment records.

Episource, a medical software company, suffered a data breach in January 2025 that compromised medical records and health insurance information. The breach, resulting from a ransomware attack, affected personal information including health data, health insurance data, and contact information. Sharp Healthcare, a client of Episource, also notified patients of the breach. The Texas Attorney General reported 24,259 people were notified of the breach in Texas alone, indicating a significant impact on customers' data.