Imagine360, LLC (“Imagine360”) is making potentially impacted individuals aware of a data security incident involving third-party file sharing platforms used by Imagine360 to process claims associated with individuals’ health insurance plans.
On or around January 30, 2023, Imagine360 identified unusual activity within a third-party file sharing platform, Citrix. Citrix is used by Imagine360 to securely exchange files related to self-insured health plans. In response, Imagine360 terminated access to the platform, reset passwords, and confirmed the security of its environment since the platform is externally hosted outside of the Imagine360 environment.
In conjunction with these efforts, Imagine360 promptly launched an investigation to determine the full nature and scope of the activity. During the course of this investigation, on or around February 3, 2023, Fortra, a third-party vendor who owns and manages another third-party file sharing platform used by Imagine360 notified Imagine360 of a data security incident. According to Fortra, an unauthorized actor copied data maintained in this platform belonging to multiple organizations, including Imagine360.
In response, Imagine360 worked with Fortra to gather more information regarding the full nature and scope of this incident, since the platform is also externally hosted outside of the Imagine360 environment. In addition to this, Imagine360 decided to conduct its own internal investigation into the incident to confirm the full scope of the incidents. Through its investigation of both incidents, Imagine360 learned files were copied from both platforms between January 28 and January 30, 2023.
What Information Was Involved?
The information identified in the impacted files includes name, medical information, health insurance information, and Social Security Number.
What We Are Doing
Imagine360 takes these incidents and the privacy of information in its care seriously. We conducted a diligent investigation to confirm the full nature and scope of these incidents. We also took prompt steps to ensure that the incidents did not impact Imagine360’s internal systems while conducting a comprehensive review of the information potentially affected. We also reported these incidents to federal law enforcement and will be notifying applicable state and federal regulators.
Further, as part of our ongoing commitment to the privacy and security of information in our care, we suspended use of Fortra’s platform and implemented additional safeguards to our existing policies, processes, and security measures.
What You Can Do
Individuals are encouraged to remain vigilant against incidents of identity theft and fraud, and to review their account statements and explanation of benefits along with monitoring their free credit reports for suspicious activity and to detect errors. It is also recommended that individuals review the “Steps Individuals Can Take To Protect Personal Information” section below.
For More Information
We understand you may have additional questions not addressed by this letter. If you have questions, please contact our dedicated call center at (888) 220-5801, Monday through Friday, from 6 a.m. – 6 p.m. Pacific Time (excluding U.S. holidays).
We regret any inconvenience caused by these incidents.