Endue Software Agrees to $870,000 Data Breach Settlement
Endue Software has agreed to pay $870,000 to settle a class action lawsuit that was filed in response to a cyberattack and data breach that affected more than 118,000 individuals. Endue Software is a software-as-a-service company that provides an infusion management platform to healthcare providers for managing infusion operations. On February 17, 2025, suspicious activity was identified within its systems. The forensic investigation confirmed unauthorized access for a short period on February 17, 2025, during which time files containing patient information were copied. Data compromised in the incident included full names, addresses, dates of birth, Social Security numbers, and medical record numbers. The affected individuals were notified on April 11, 2025.
Multiple class action lawsuits were filed in response to the data breach, which were consolidated – Pauley, et al. v. Endue Inc. d/b/a Endue Software – in the United States District Court for the District of Maine. The consolidated lawsuit alleged that the data breach occurred as a result of the failure to implement reasonable and appropriate cybersecurity measures and should have been prevented.
The lawsuit asserted claims for negligence/negligence per se, breach of third-party beneficiary contract, unjust enrichment, and declaratory judgment/injunctive relief. Endue Software denies all claims and contentions in the lawsuit, and maintains there is no liability and that there was no wrongdoing. Shortly after filing the lawsuit, the parties explored the possibility of an early resolution and agreed that the appropriate venue was the 17th Judicial Circuit in and for Broward County, Florida, for settlement discussions. The consolidated lawsuit was dismissed and refiled in Florida, asserting claims for negligence/negligence per se, and breach of third-party beneficiary contract.
The terms of a settlement were agreed upon, and the settlement has received preliminary approval from the court. The settlement provides two years of medical data and credit monitoring services, and class members may claim one of two cash payments. A claim may be submitted for reimbursement of documented, unreimbursed losses due to the data breach up to a maximum of $2,500 per class member, or a claim may be submitted for an alternative one-time cash payment of $65.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
A $260,000 fund has been established to cover the alternative cash payments, which will be subject to a pro rata increase or decrease depending on the number of claims received. The total settlement fund is capped at $870,000. The deadline for objection to and exclusion from the settlement is June 30, 2026. The deadline for filing a claim is June 30, 2026, and the final fairness hearing has been scheduled for July 15, 2026.
