August 7, 2023 – Investigation Complete, Lawsuit Filed
Thank you to everyone who reached out about their experience with the Imagine360 cyberattack. The investigation has been completed and at least one lawsuit has been filed, which you can read about here.
Head over to our blog to learn about why you typically won't need to do anything to join a case like this. Any relevant updates to this case will be posted to this page should they become available.
In the meantime, you can find a list of ongoing investigations on this page and sign up for our free weekly newsletter here.
At A Glance
This Alert Affects:
Anyone who received a letter from Imagine360 stating that their information may have been exposed in a data breach.
What’s Going On?
Attorneys are looking into whether a class action lawsuit can be filed against the health plan provider in light of two recent data breaches that may have exposed the personal and medical information of thousands of its clients’ employees.
What Could I Get from a Lawsuit?
A class action lawsuit could help compensate victims for any harm they experienced as a result of the data breaches. It could also potentially force the healthcare solutions provider to improve its data security.
Attorneys working with ClassAction.org want to hear from anyone who received notice from Imagine360 that their information may have been exposed during a data breach.
Imagine360, a healthcare company that offers self-funded health insurance plans for employers, announced on June 30 that two file-sharing platforms it used to process health insurance claims had been hacked within days of each other. Files containing employees’ personal and medical information were reportedly copied from both platforms between January 28 and 30, 2023.
The attorneys have reason to believe that Imagine360 may not have had adequate data security measures in place and are looking to file a class action lawsuit to help compensate victims.
Imagine360 Data Breaches: What Happened?
Imagine360 stated in an online data breach notice that around January 30, it discovered “unusual activity” within Citrix, a third-party file-sharing platform that the company uses to securely exchange files related to its health insurance plans.
While investigating the Citrix data breach, Imagine360 was notified on February 3 by third-party vendor Fortra that its GoAnywhere file-transfer software had also been compromised by an unauthorized party who had copied sensitive data maintained on the platform. Imagine360 later reported that 112,611 individuals were affected by a data incident, though it is unclear whether this number includes both breaches.
The company stated that the information exposed in the two data breaches included the names, medical information, health insurance information and Social Security numbers of its clients’ employees. Letters were mailed to affected individuals beginning around June 30.
The Fortra data breach, for which a Russian-linked ransomware group known as Clop has claimed responsibility, reportedly affected over 130 organizations and has already been the subject of several classactioncomplaints. An alert issued by the U.S. Department of Health and Human Services in response to the attack warned that Clop has almost exclusively targeted the healthcare industry, which is “particularly vulnerable” to cyberattacks due in part to the high value of patients’ medical information.
How a Lawsuit Could Help
If filed and successful, a class action lawsuit could help compensate data breach victims for any harm they experienced as a result of the breach, including:
Loss of privacy
Lost time spent responding to the breach (such as monitoring accounts, obtaining credit reports and medical records, or addressing fraudulent uses of their information)
Money spent responding to the breach (such as the cost of credit reports, bank fees, or additional credit monitoring and identity theft protection)
Unreimbursed losses resulting from the breach (such as fraudulent charges or medical bills)
Damage to credit
A lawsuit could also force Imagine360 to implement better data security to ensure that employees’ sensitive information remains protected against future data breaches.