Healthcare,
Incident & Breach Response,
Industry Specific
Maine-Based Firm Already Facing Several Proposed Class Action Lawsuits in Breach
Endue Software, a provider of software solutions for medication infusion therapy based in Maine, has alerted over 118,000 individuals about a potential data breach resulting from a hacking incident identified in February. The company is currently facing multiple proposed federal class action lawsuits related to this data theft.
On April 11, Endue reported the breach to regulatory authorities, indicating that it became aware of potential unauthorized access to its systems on February 17. An investigation revealed that an intruder accessed specific computer systems briefly on February 16, during which certain internal files were copied.
The compromised data may include sensitive personal information, such as full names, addresses, Social Security numbers, dates of birth, and medical record numbers. Endue conducted a detailed review of the affected files, assessing the extent of the exposure.
According to Endue, its software is hosted on the Google Cloud platform and is compliant with HIPAA and SOC 2 Type 1 standards, assuring customers that patient data is secure. The software integrates with various electronic medical record systems including Epic, NextGen, and many others, as well as pharmacy systems such as CareTend and CPR+.
Legal actions initiated against Endue claim the company was negligent in adequately protecting the sensitive information of its users. Plaintiffs argue that the data breach increases the susceptibility of affected individuals to identity theft and fraud, seeking not only financial compensation but also injunctions that would compel Endue to enhance its cybersecurity measures.
As of now, the Department of Health and Human Services (HHS) has reported 231 significant health data breaches in 2025, affecting more than 20.3 million people. Notably, 84 of these breaches involved business associates like Endue, impacting nearly 8 million individuals.
The incident at Endue currently ranks as the seventh largest breach reported by HHS for 2025 related to a business associate. Given the scale and impact of this breach, it stands as a stark reminder of the vulnerabilities that can arise in software systems managing sensitive health information.
