Imagine360 Settles Data Breach Lawsuit for $475,000
A settlement has received preliminary approval from a judge to resolve a class action complaint against Imagine360 over a 2023 hacking incident involving its Citrix file-sharing solution. Imagine360 is a Chesterbrook, Pennsylvania-based company that offers health plan administration and telemedicine services. On or around January 30, 2023, suspicious activity was identified within its Citrix file-sharing solution.
The solution was used by Imagine360 to securely transfer files with self-insured health plans. The investigation confirmed that sensitive data had been stolen, including names, medical information, health insurance information, and Social Security numbers. The breach was initially reported to the HHS’ Office for Civil Rights as affecting 112,611 individuals, although the total was later updated to 132,807 individuals.
A lawsuit was filed on February 19, 2025, Collins v. Imagine360, in the Circuit Court for the 17th Judicial Circuit in and for Broward County, Florida, over the data breach. The plaintiff alleged Imagine360 was negligent by failing to implement appropriate safeguards to keep sensitive data secure, and as a result of that failure, sensitive data was accessed without authorization and was stolen by hackers. The lawsuit also asserted claims of breach of implied contract and unjust enrichment.
Imagine360 denied and continues to deny any wrongdoing or liability and all claims made in the lawsuit; however, Image360 chose to settle the litigation to prevent further legal costs and the distractions, burden, expense, and disruption to its business operations from continuing to fight the litigation.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Under the terms of the settlement, a $475,000 settlement fund will be established that provides two options for cash payments. Class members may submit a claim for reimbursement of documented losses related to the data breach up to a maximum of $5,000. Costs covered by this option include bank fees, long-distance phone charges, cell phone charges, data charges, local travel costs, and credit report and credit monitoring costs.
Class members who did not suffer losses or do not wish to submit a claim may instead opt for a flat cash payment, estimated to be $75. The cash payments may be higher or lower depending on the number of valid claims received. Regardless of the option chosen, class members are also entitled to receive up to three years of free credit monitoring services.
The Honorable Hunter Davis recently gave his preliminary approval, and the final approval hearing is scheduled for August 15, 2025. The deadline for exclusion from and objection to the settlement is July 16, 2025, and the deadline for submitting a claim is July 31, 2025. The class was represented by Jeff Ostrow of Kopelowitz Ostrow P.A., and Nicholas Colella of Lynch Carpenter LLP.
Imagine360 was also part of a $20 million settlement to resolve a separate breach of a file transfer solution that was experienced within weeks of the Citrix file-sharing breach.
