On April 11, 2025, New York-based Endue Software announced that a data breach compromised the personal and health data of more than 118,000 patients.
What happened
Endue Software, a healthcare technology company that supports infusion centers, recently reported a cybersecurity incident that exposed the protected health information (PHI) and personally identifiable information (PII) of thousands of individuals. On February 17, 2025, Endue detected unauthorized access to its systems, one day after threat actors infiltrated its digital infrastructure and exfiltrated sensitive data.
The stolen information specifically includes names, Social Security numbers, addresses, dates of birth, and medical record numbers. These data points are particularly sensitive given that Endue’s clients include patients undergoing infusion therapies for chronic or complex conditions.
The company has since launched an investigation, implemented additional security measures, and notified affected individuals. On April 11, 2025, Endue began distributing breach notices and offering 12 months of complimentary credit monitoring and identity theft protection services.
What was said
The Endue public notice of data privacy event states, “While Endue is not aware of any actual or attempted identity fraud resulting from this incident, we are offering details to potentially affected individuals, along with steps they can take to help protect themselves from possible misuse of their information.”
The Endue notice to affected Maine residents adds, “Upon discovering the event, Endue moved quickly to investigate and respond to the incident, assess the security of Endue systems, and identify potentially affected individuals.”
The bottom line
In response to this data breach, “Endue is providing access to credit monitoring services for twelve (12) months, through Cyberscout through Identity Force, a TransUnion company, to individuals whose Social Security number or similar data element was potentially affected by this incident, at no cost to these individuals.”
Ultimately, affected individuals must monitor their credit reports, set up fraud alerts, and enroll in the free credit monitoring service offered.
FAQs
What is a data breach?
A breach occurs when an unauthorized party gains access to, uses, or discloses protected health information (PHI) without permission. Examples of breaches include hacking, losing a device containing PHI, or sharing information with unauthorized individuals.
What should individuals do if their data has been compromised?
If individuals suspect their data has been compromised, they must monitor their accounts for suspicious activity and report any unauthorized transactions immediately.
Are there any costs associated with placing a fraud alert or credit freeze?
No, under U.S. law, consumers are entitled to a free credit report annually from each of the three major credit reporting bureaus, Equifax, Experian, and TransUnion. So, placing a fraud alert or credit freeze does not incur any costs.
