Thought Leadership
A massive hacker attack has exposed the data of over 118,000 patients in the USA. The company affected is New York-based Endue Software, which provides digital infrastructure for infusion centers.
The attack is one in a series of security incidents that have shaken the US healthcare system.
Data leak with far-reaching consequences
The attack occurred on February 16, 2025, but the details only became public now – through legally required notifications to supervisory authorities and affected persons. According to the company, the attackers were able to penetrate deep into the system and copy a large amount of sensitive data. This included full names, social security numbers, dates of birth and medical record numbers.
In an official statement, Endue said: “We have also implemented additional security measures to mitigate the risk associated with this incident and prevent similar future occurrences.”
So far, there are no indications that the stolen information has already been misused. Nevertheless, those affected are now faced with the challenge of protecting themselves against possible identity theft. Endue is offering them one year of free credit monitoring and identity protection.
Vulnerable patient group particularly affected
Particularly explosive: the facilities affected often treat people with chronic, serious illnesses. This patient group already has to contend with high treatment costs, complex insurance procedures and stressful diagnoses – and now there is the added concern about their digital identities.
The case is one in a worrying series of cyberattacks on the US healthcare system. Only recently, Medical Express Ambulance (MedEx) in Illinois had to admit to a data leak that also affected more than 118,000 people. Among other things, passport numbers and insurance data were compromised.
The incident at UnitedHealth Group reached an even greater scale, affecting around 100 million people – one of the largest data breaches in the history of the US healthcare system.
Several major attacks were also reported last year: Regional Care Inc (RCI) had to inform almost 250,000 people whose data was exposed following a hacker attack. Ascension Health, one of the country’s largest healthcare providers, even had 5.6 million people affected.
Weak point in the healthcare system
The recent incident at Endue Software shows once again how vulnerable the digital infrastructure in the healthcare sector is – and how high the price for these vulnerabilities can be. For those affected, it’s not just about numbers and data, but about trust in a system that is supposed to protect them.
