Imagine360 health plan impacted in data breach of two file-sharing platforms

Imagine360, a self-funded health plan for employers, discovered that two of its file-sharing platforms were breached within a short period of time:

1. On or around January 30, unusual activity was identified in its Citrix platform, leading to immediate termination of access, password resets, and internal investigations.
2. Subsequently, on or about February 3, Imagine360 was notified by Fortra, the owner of the GoAnywhere platform, about a breach involving GoAnywhere.

Both breaches occurred outside Imagine360's environment and involved file-sharing platforms.

Investigations revealed that files were copied from both platforms between January 28 and January 30, 2023. The compromised information included

• names,
• medical information,
• health insurance details,
• Social Security Numbers.

While Imagine360 offers identity monitoring services, it remains uncertain if they will resume using Fortra or explore other options.

The details of the Citrix breach as well as the number of affected individuals is not share.

Update -  Imagine360 alerted over 112,000 individuals about a third-party data breach.