Endue Software Data Breach Affects 118,028 Americans: SSNs Exposed

On February 16, 2025, Endue Software, a healthcare technology company specializing in infusion management platforms, experienced a significant data breach affecting 118,028 individuals across the United States. The breach was discovered on March 31, 2025, and involved unauthorized access to certain internal systems. During a brief window, an unknown actor accessed and copied files containing sensitive information.

The types of information exposed vary by person but may include full name, address, Social Security number (PII), date of birth (PII), and medical record number (PHI). For some, medical records and additional medical information were also involved.

The breach impacted individuals in several states, including 5,650 in Texas, 54 in Maine, 175 in Massachusetts, and 67 in New Hampshire. Endue Software reported the incident to multiple state authorities and the U.S. Department of Health and Human Services.

The company’s official notice to consumers, which provides further details, is available on the Endue Software data privacy event page. Additional disclosures can be found on the Maine Attorney General’s website, Texas Attorney General’s portal, Massachusetts Attorney General’s site, California Attorney General’s reports, Vermont Attorney General’s notice, New Hampshire Attorney General’s PDF, and the U.S. Department of Health and Human Services breach portal.

The severity of this breach is notable due to the nature of the information accessed—both personally identifiable information and protected health information were involved. Although there is no evidence that the information has been misused, the exposure of Social Security numbers and medical data presents a risk for identity theft and medical fraud.

Endue Software's response

Upon learning of suspicious activity on February 17, 2025, Endue Software immediately secured its systems and launched an investigation to determine the extent of the breach. The company worked with cybersecurity experts to analyze which files were accessed and which individuals were affected. Endue Software began mailing notification letters to affected individuals with valid addresses on April 11, 2025. The company also posted a public notice on its website and published information in print media.

To assist those affected, Endue Software has set up a dedicated assistance line at 1-833-998-5748 and encourages individuals to monitor their accounts for suspicious activity. The company’s consumer notice includes detailed steps for protecting personal information, such as requesting free credit reports, placing fraud alerts or credit freezes with major credit bureaus, and contacting the Federal Trade Commission for further guidance. If you believe you may be affected, it is important to stay vigilant, review your credit reports, and consider placing a fraud alert or credit freeze on your credit file.

More information about the company can be found on the Endue Software website.