Episource data breach

A notice to our patients

Sharp HealthCare is committed to protecting the confidentiality and security of our patients’ information. Regrettably, Episource recently identified and addressed a data breach involving some of that information.

On April 24, 2025, Episource, a Sharp HealthCare and Sharp Community Medical Group business associate, confirmed Sharp was one of their customers affected by a ransomware data breach.

Immediately after becoming aware of the vulnerability, Episource stopped access to their system application and began a thorough investigation to determine if our information was affected. That Investigation confirmed that Sharp information hosted on the system had been accessed and acquired without authorization between January 27, 2025 and February 6, 2025. Episource engaged independent third-party experts in computer forensics, analytics, and data mining to determine what information was impacted and with whom it is associated. They also notified law enforcement.

Sharp has worked closely with Episource to identify Sharp patients who have been affected and had their personal information compromised. The information compromised included contact information (such as name, address, phone number and email), date of birth, and one or more of the following:

  • Health insurance data (such as health plans/policies, insurance companies, member/group ID numbers, and Medicaid-Medicare-government payor ID numbers)

  • Health data (such as medical record numbers, doctors, diagnoses, medications, test results, images, care, and treatment)

The information did not include any social security numbers, driver’s license or ID numbers, government ID numbers (e.g., passport, military, etc.), bank account or credit/payment card information. Additionally, this incident did not involve unauthorized access to Sharp medical record systems or patient portals.

We have no indication that anyone’s information has been misused. However, as a precaution, Episource is mailing notification letters to individuals whose information was involved in this incident. If you have questions, please call 1-877-786-0549, from 6 am to 5 pm Pacific Standard Time, Monday through Friday.

Because Episource may not have addresses for everyone, they are posting a substitute notice on their website as allowed by the Health Insurance Portability and Accountability Act (HIPAA). We regret any concern or inconvenience this incident may cause and remain committed to protecting the confidentiality and security of our patients’ information.