5.4 million hit in major healthcare data breach — names, emails, SSNs and more exposed

Hackers continue to go after healthcare-related businesses in their attacks and unfortunately, you could easily get caught up in the aftermath as the result of a data breach. Case in point, millions of Americans are now receiving data breach notifications in the mail following a cyberattack on a medical billing company earlier this year.

As reported by BleepingComputer, back in January and early February, hackers stole the personal and medical information of 5.4 million people during a cyberattack at the American healthcare services company Episource.

While you likely haven’t heard of this company, which is owned by UnitedHealth Group’s Optum subsidiary, it provides risk adjustment, medical coding, data analytics and other tech to healthcare providers. As a result, Episource often handles large troves of personal and medical data which makes it a valuable target for hackers and other cybercriminals.

Now though, the company has begun notifying affected individuals that their personal and medical data could be in the hands of hackers. Here’s everything you need to know about this major medical data breach along with what to do next and steps to help keep you safe from any follow-up attacks.

Personal and medical data exposed

The hackers behind this attack managed to gain access to Episource’s systems at the beginning of the year and according to a data breach notice on its site, the breach likely occurred sometime between January 27th and February 6th.

During that time, the hackers were able to view as well as steal copies of some data in the company’s computer systems. While the exposed data varies from person to person, it may include one or more of the following:

  • Full name
  • Physical address
  • Email address
  • Phone number
  • Insurance plan information
  • Medicaid ID and information
  • Medical record details
  • Date of birth
  • Social Security number

Fortunately though, no banking or payment card information was exposed as a result of the breach.

In a filing with the U.S. Department of Health and Human Services’ Office for Civil Rights, Episource revealed that approximately 5,418,886 people are affected. The company began sending out data breach notifications to impacted individuals in April but, as TechCrunch points out in a new report, additional notices have since been filed in California and Vermont and more people are now being notified about this breach.

How to stay safe after a data breach

With patients’ full names, addresses, emails, phone numbers, dates of birth and especially their Social Security numbers in hand, there’s a whole lot that hackers can do. From committing fraud and even identity theft to launching targeted phishing attacks using this stolen data, those impacted by this breach are going to need to be extra careful when answering their phones, checking their mailboxes and looking at their email.

Episource is taking steps to soften the blow of this breach by providing affected individuals with free access to the best identity theft protection services. In the company’s data breach notification shared (PDF) with the Office of the Vermont Attorney General, it explained that people whose medical and personal data was exposed can sign up for credit monitoring and identity restoration services from IDX, either online or over the phone.

If you’re worried that your personal data and medical info could have been exposed, you’re going to want to keep a close eye on your mailbox, since data breach notification letters are typically sent via traditional mail rather than over email. This letter will have all the details on how to sign up for IDX’s identity theft protection and credit monitoring. It will also let you know exactly what types of your data were exposed in this breach.

At the same time, you may also want to freeze your credit since with all this sensitive data, hackers could try to take out loans in your name or commit other types of fraud. You’re also going to want to be extra careful when dealing with text messages or emails from unknown senders since other cybercriminals with access to this data could try to launch follow-up attacks, likely in the form of phishing scams. Likewise, monitoring all of your financial accounts is highly recommended as fraud is a lot easier to deal with when you spot it early on.

Now that hackers have made it a point to go after healthcare-related businesses and healthcare providers, hopefully the entire medical industry is working on strengthening its security.

In the meantime though, you want to make sure that all of your devices are protected with the best antivirus software and that you’re using strong and complex passwords for all of your accounts. By taking these steps and improving your own cyber hygiene, you’ll be better prepared for when the next data breach happens.

Anthony Spadafora
Managing Editor Security and Home Office

Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home. 
