ConnectOnCall Data Breach Exposes Personal Information of 914000 Patients

Healthcare software service provider Phreesia has disclosed a significant data breach affecting its subsidiary ConnectOnCall, compromising the personal and medical information of over 914,000 patients. The breach occurred between February 16 and May 12, 2024, when an unknown third party gained unauthorized access to the telehealth platform's systems.

ConnectOnCall, a telehealth platform and after-hours on-call answering service, discovered the security incident on May 12 and immediately launched an investigation. The company promptly took the service offline and engaged with federal law enforcement and external cybersecurity specialists to assess the full scope of the breach.

The compromised data potentially includes sensitive personal and medical information such as patients' names, phone numbers, dates of birth, medical record numbers, and in some cases, Social Security numbers. The breach exposed communication-related information between patients and healthcare providers using the ConnectOnCall service.

Phreesia emphasized that the ConnectOnCall service is separate from its other services, including its patient intake platform, and there is currently no evidence that other systems were affected. The company has been working diligently to restore the service within a more secure environment.

According to the report submitted to the U.S. Department of Health and Human Services, the breach specifically impacted 914,138 patients. While the company has not reported any confirmed misuse of the exposed information, they are advising potentially affected individuals to remain vigilant and monitor for signs of identity theft or fraud.

As part of its response, ConnectOnCall has begun notifying impacted individuals through written letters. Those whose Social Security numbers were compromised will receive free identity and credit monitoring services to help mitigate potential risks associated with the data breach.

The incident highlights the ongoing challenges healthcare technology providers face in protecting sensitive patient information from cyber threats. It serves as a reminder of the critical importance of robust cybersecurity measures in handling personal and medical data.

Phreesia has recommended that potentially impacted individuals remain alert and report any suspected identity theft or fraudulent activities to their healthcare providers, insurers, or financial institutions. The company continues to work on improving its security infrastructure to prevent similar incidents in the future.

As the investigation continues, affected patients are encouraged to carefully review any communications from ConnectOnCall and take advantage of the offered identity monitoring services to protect themselves from potential financial or personal risks stemming from this data breach.

Found this article interesting? Keep visit thesecmaster.com, and our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium, and Instagram and subscribe to receive tips like this. 

You may also like these articles: Here are the 5 most contextually relevant blog posts: