Sharp HealthCare, a major integrated regional health system in San Diego, California, disclosed in June 2025 that a breach at Episource, its third-party healthcare risk adjustment and analytics vendor, had exposed patient records. Exposed data included Social Security numbers, health insurance plan IDs, medical records and chart information, diagnoses, clinical notes, images, and diagnostic test results. The depth of clinical data exposed — including imaging and test results — was particularly severe. Sharp HealthCare filed notifications with HHS OCR and notified affected patients. Episource provides risk adjustment documentation and analytics to health plans and provider groups across the US; this breach affected patients whose data had been shared for clinical documentation improvement purposes.