Imagine360 data breach: medical information, Social Security numbers compromised


Imagine360, a health plan solution company based in Pennsylvania, has disclosed a data breach affecting over 130,000 people.

The company is among the victims hurt by Fortra's vulnerability, exploited by the notorious Cl0p gang.

It identified "unusual activity" within Citrix, a third-party file-sharing platform. Imagine360 immediately terminated access to the platform and launched an investigation into the activity. Unfortunately, during the investigation, it turned out that another file-sharing platform, Fortra, had also experienced a data security incident.

"According to Fortra, an unauthorized actor copied data maintained in this platform belonging to multiple organizations, including Imagine360," the company said in its notice of data security incident.

Cybernews has reported extensively on Fortra's GoAnywhere Managed File Transfer vulnerability, which was actively exploited at the beginning of the year by the Cl0p gang. At the time, companies like Procter & Gamble, Hitachi, Virgin Red, Pluralsight, and Munich Re, among others, confirmed the breach.

Imagine360 determined that sensitive files were copied at the end of January. Compromised information included: names, medical information, health insurance information, and Social Security numbers.

According to a data breach notification filed with Maine's Attorney General's Office, the incident has affected over 130,000 customers.

"Individuals are encouraged to remain vigilant against incidents of identity theft and fraud, and to review their account statements and explanation of benefits along with monitoring their free credit reports for suspicious activity and to detect errors," Imagine360 said.