A software developer in Maine, Endue Software, is alerting over 118,000 individuals about a potential data theft incident that took place in February. This breach, affecting users of their medication infusion therapy software, has already led to at least five proposed federal class action lawsuits. The company reported the breach to authorities by April 11, after discovering unauthorized access to its systems on February 17. An investigation revealed that an intruder had briefly accessed certain computer systems on February 16, during which files from internal systems were copied without authorization.

The stolen data varies among individuals but may include personal details such as full names, addresses, Social Security numbers, dates of birth, and medical record numbers. Despite the incident, Endue Software, which hosts its platform on Google’s Cloud, assures that its software complies with HIPAA and SOC 2 Type 1 standards, claiming robust security for patient data. Their platform is designed to integrate with various electronic medical records and pharmacy systems, including Epic, NextGen, Azalea, CareCloud, Meditab, and others.

One of the class action lawsuits accuses Endue of negligence in protecting sensitive information, arguing that the data breach exposes plaintiffs and class members to risks of identity theft and fraud. The plaintiffs are seeking financial compensation and demanding that Endue enhance its data security practices. The company has not yet responded to requests for more information about the breach or the legal actions it faces.

This incident is part of a broader trend of data breaches in the healthcare sector. As of the latest reports, the HHS Office for Civil Rights’ HIPAA Breach Reporting Tool lists 231 major health data breaches in 2025, affecting 20.3 million individuals. Notably, 84 of these breaches involve business associates, impacting nearly 8 million people, which is about 40% of the total affected individuals. Endue Software’s breach is currently the seventh largest involving a business associate this year.

The increase in data breaches highlights the pressing need for improved cybersecurity measures in the healthcare industry, especially for companies handling sensitive health information. As legal proceedings unfold, the case against Endue Software underscores the potential consequences of inadequate data protection and the vital importance of safeguarding personal and medical data against unauthorized access.