Electronic Protected Health Information, or ePHI, is health data stored, processed, or transmitted in digital form that can identify a patient. It includes records such as diagnoses, lab results, billing details, insurance information, and patient portals when those records are tied to a person.
In cyber security, ePHI matters because it is both sensitive and regulated. If attackers steal, encrypt, or expose it, the impact can include patient harm, legal exposure, mandatory notifications, and operational disruption. Ransomware crews often target healthcare systems because ePHI increases pressure to restore service quickly. Defenders protect it with access control, encryption, logging, segmentation, strong authentication, and tested backups. During an incident, teams first verify whether ePHI was actually reached, then contain the affected systems, preserve evidence, and assess notification duties. The key point is that not every website issue is an ePHI breach, but any system connected to patient data must be treated as high risk until proven otherwise.