Strauss Borrelli PLLC, a leading data breach law firm, is investigating Episource, LLC regarding its recent data breach. The Episource data breach involved sensitive personal information and protected health information belonging to an undetermined number of individuals.
ABOUT EPISOURCE, LLC:
Episource is a provider of risk adjustment services, software, and solutions for health plans and provider groups based in California.3 Founded in 2006, Episource’s integrated platform offers commercial, Medicare, and Medicaid payers and providers end-to-end risk adjustment solutions, including risk adjustment analytics, medical record retrieval, medical chart coding, and encounter submissions.3 Headquartered in Gardena, California, Episource employs over 8,000 individuals.
WHAT HAPPENED?
Recently, Episource announced that it had experienced a data breach in which sensitive personal identifiable information and protected health information in its care may have been compromised.1 According to the breach notice, on February 6, 2025, Episource found unusual activity in its computer systems.1 As a result, Episource launched an investigation to determine the nature of the incident.
Through its investigation, Episource confirmed that sensitive personal information in its systems may have been accessed and copied by an unauthorized third party between January 27, 2025, and February 6, 2025. As a result, Episource began a review of the data to determine what information had been impacted as well as identify the specific individuals affected. While the information impacted varies depending on the individual, the type of information potentially exposed includes:
- Name
- Social Security number
- Address
- Date of birth
- Phone number
- Email address
- Medical information (e.g., medical record numbers, doctors, diagnoses, medicines, test results, images, care and treatment)
- Health insurance information (e.g., health plans/policies, insurance companies, member/group ID numbers, Medicaid-Medicare-government payor ID numbers)
As a result of the data breach, Episource posted a notice of the incident on its website. Additionally, on April 23, 2025, Episource began sending breach notification letters to impacted individuals. Based on the website breach notice, Episource is providing affected individuals with a list of the specific types of sensitive information impacted. A link to the form breach notification that Episource posted to its website is below.
If you received a breach notification letter from Episource, LLC:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.
