Sharp HealthCare Data Breach Affects Patient Info

In late April 2025, Sharp HealthCare, a not-for-profit health system in San Diego, was notified by its business associate, Episource, that a data breach had taken place. Episource, which provides services to Sharp HealthCare, discovered that it was one of several customers impacted by a ransomware attack.

The cybersecurity incident occurred between January 27, 2025, and February 5, 2025, when unauthorized individuals accessed and acquired information from Episource’s system. The data breach was confirmed on April 24, 2025, after Episource identified suspicious activity.

An investigation determined that Sharp HealthCare patient data stored on Episource’s system had been compromised. The types of information exposed in this incident include both personally identifiable information (PII) and protected health information (PHI).

Compromised information may have included name, address, phone number, email, date of birth, health insurance data which could include health plans or policies, insurance companies, member/group ID numbers and Medicaid/Medicare/government payor ID numbers. Health data may also have been compromised, which could include medical record numbers, doctors, diagnoses, medications, test results, images, care and treatment details.

The data breach was disclosed to the California Attorney General’s office on June 6, 2025. Sharp HealthCare also posted a dedicated notice for patients on its own website.

Episource has set up a dedicated response website with a Notice of Data Breach and has begun issuing disclosures as required by law.

Sharp HealthCare's response

Upon learning of the data breach, Sharp HealthCare worked with Episource to identify all affected patients and determine the extent of the information compromised. Law enforcement was notified to assist in the investigation.

Episource is mailing notification letters to individuals whose information was involved.

If you receive notification from Episource about this cybersecurity incident, you may want to:

• Sign up for the free IDX identity theft protection services, offered by Episource on the dedicated response website.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.

Episource has set up a call center for affected Sharp HealthCare patients with questions or concerns at 877-786-2549, Monday through Friday, 8 a.m. to 8 p.m. CT.

For more details about Sharp HealthCare, visit the Sharp HealthCare website.