Healthcare revenue cycle company Imagine360 is facing a proposed class-action lawsuit that alleges the company failed to protect private health information and personal data in the wake of a data breach.
According to Imagine360's website, the company identified unusual activity on or around Jan. 30 within third-party file sharing platform Citrix. Imagine360 uses Citrix to securely exchange files related to self-insurance plans. In response, Imagine360 terminated access to the platform, reset passwords and confirmed the security of its environment because the platform is hosted externally.
The company then launched an investigation to determine the full nature and scope of the breach, according to the website. Around Feb. 3, a third-party vendor that owns and manages another third-party file sharing platform used by Imagine360 notified the company of a data security incident. Forta said an unauthorized person copied data maintained in the platform belonging to multiple organizations, including Imagine360.
Imagine360 worked with Forta to gather more information about the incident and also conducted an internal investigation, according to the site. Imagine360 learned files were copied from both platforms between Jan. 28 and 30. The information identified in the affected files included names, medical information, health insurance information and Social Security numbers.
The lawsuit, filed in Pennsylvania federal court, alleges the company knew of the vulnerability before the hack and as such could have prevented the breach. The suit also alleges Imagine360 failed to comply with industry standards to protect highly sensitive personally identifiable information and protected health information.