Endue Software Confirms Data Breach Impacting Over 118,000 Patients at U.S. Infusion Clinics
New York-based Endue Software, a healthcare technology firm providing digital systems for infusion centers, has disclosed a data breach that exposed sensitive personal and medical information of over 118,000 individuals.
The cybersecurity incident occurred on February 16, 2025, but was publicly disclosed only recently, following mandatory notifications to state regulators and affected patients.
Attack Targeted Digital Infrastructure of Infusion Centers
Endue Software builds and manages software platforms that support critical functions at infusion clinics, including:
- Patient scheduling
- Intake processing
- Inventory tracking
- Medical records management
The company confirmed that threat actors successfully infiltrated its systems and copied data belonging to thousands of individuals.
Stolen information includes:
- Full names
- Social Security numbers
- Dates of birth
- Medical record numbers
In its notification to affected individuals, the company stated:
“We also implemented additional security measures to mitigate risk associated with this event and to help prevent similar future incidents.”
Victims Offered Identity Protection Services
While there is currently no confirmation that the stolen data has been misused, Endue is offering 12 months of free credit monitoring and identity theft protection to all affected patients.
The breach is particularly concerning as it impacts patients undergoing chronic and complex medical treatments. These individuals already face high healthcare costs and now face additional risks to their digital identities.
Part of a Broader Wave of Healthcare Cyberattacks
The Endue breach adds to a growing number of high-impact cybersecurity incidents in the U.S. healthcare sector:
- Medical Express Ambulance (MedEx) in Illinois reported a breach affecting 118,000 individuals, exposing passport numbers and insurance data.
- UnitedHealth Group confirmed a breach impacting 100 million Americans, one of the largest healthcare data exposures in history.
- Regional Care Inc. (RCI) notified nearly 250,000 patients following a system-wide breach.
- Ascension Health reported that 5.6 million people were affected by its own data compromise.
The increasing frequency of such incidents is raising alarms about security vulnerabilities in healthcare IT infrastructure, particularly for service providers managing critical patient information and care workflows.
Endue has not disclosed how attackers gained access to its systems. Investigations into the incident are still ongoing.
