Endue Software has agreed to an $870,000 settlement to resolve a consolidated class action lawsuit related to a cyberattack and data breach that affected more than 118,000 individuals.
Endue Software is a software-as-a-service company that provides healthcare providers with an infusion management platform for handling infusion operations. The company identified suspicious activity within its systems on February 17, 2025. A forensic investigation confirmed that unauthorized access occurred for a short period on February 17, 2025, and files containing patient information including PHI were copied during that time.
The compromised information included full names, addresses, birth dates, medical record numbers, and Social Security numbers. Affected individuals received notification of the incident on April 11, 2025.
Multiple class action lawsuits were filed following the data breach. The cases were consolidated under Pauley, et al. v. Endue Inc. d/b/a Endue Software in the United States District Court for the District of Maine. The consolidated litigation asserted that the data breach resulted from a failure to implement reasonable and appropriate cybersecurity measures and alleged that the incident could have been prevented.
The lawsuit included claims for breach of third-party beneficiary contract, negligence and negligence per se, unjust enrichment, injunctive relief, and declaratory judgment. Endue Software denied the allegations and maintained that it was not liable and had not engaged in wrongdoing.
The parties later pursued discussions regarding an early resolution. The parties agreed that the 17th Judicial Circuit in and for Broward County, Florida, would serve as the venue for settlement discussions. The consolidated lawsuit in Maine was dismissed and refiled in Florida. The refiled action alleged claims for breach of third-party beneficiary contract, negligence and negligence per se.
The proposed settlement received preliminary court approval. Under the settlement terms, class members are eligible to receive two years of medical data monitoring and credit monitoring services.
Class members may also submit claims for reimbursement of documented and unreimbursed losses connected to the data breach. The reimbursement amount is capped at $2,500 per class member. An alternative option allows class members to seek a one-time cash payment of $65 instead of reimbursement for documented losses.
The settlement established a $260,000 fund for the alternative cash payments. The payment made to claimants may be higher or lower on a pro rata basis according to the number of approved claims submitted. The settlement fund is restricted to $870,000.
The deadline to object to the settlement or request exclusion from the settlement is June 30, 2026. The deadline for submitting a claim is also June 30, 2026. A final fairness hearing is scheduled for July 15, 2026.