This infusion center software got hacked, leaving over 100,000 people affected

Hackers just hit a company that manages the digital infrastructure of infusion centers across the US, exposing Social Security numbers.

In yet another reminder that your private health data is barely holding on by a thread, Endue Software, a New York-based tech company serving infusion clinics, has confirmed a data breach that exposed the sensitive personal information of over 118,000 people.

The attack happened on February 16th, 2025, but details are only surfacing now, thanks to legally required notifications to regulators and affected individuals.

Endue – which builds software for managing patient scheduling, intake, inventory, and records at infusion centers – admitted that attackers managed to infiltrate its systems and copy troves of personal data.

Among the stolen data:

• Full names
• Social Security numbers
• Dates of birth
• Medical record numbers

“We also implemented additional security measures to mitigate risk associated with this event and to help prevent similar future incidents,” writes the company in a notice.

So far, there’s no confirmation that the stolen data has been misused, but as usual, victims are the ones left to watch their backs. The company is offering victims 12 months of free credit monitoring and identity theft protection.

This breach hits a particularly sensitive slice of healthcare. Infusion centers treat patients with complex, often chronic illnesses – people who are already navigating expensive care regimens, insurance labyrinths, and life-altering diagnoses. Now, they have to worry about their digital identities as well.

Don’t miss our latest stories on Google News

Follow us

A system under siege

The Endue breach is just the latest entry in a brutal wave of cyberattacks battering the US healthcare sector.

Medical Express Ambulance (MedEx) operating in Illinois had to admit that a hack compromised personal and medical data from over 118,000 individuals, including passport numbers and insurance info.

At the national scale, UnitedHealth Group confessed to a data disaster that exposed 100 million Americans, making it one of the biggest healthcare breaches in US history.

Last year, Regional Care Inc. (RCI) had to alert nearly 250,000 people after hackers ripped through its systems. Ascension Health, one of the largest healthcare providers in the country, revealed that 5.6 million people were affected in their own breach.