HQ/EMEAFind out how we can help your business
The ConnectOnCall breach that occurred last May could impact the personal and health information of more than 900,000 patients.
This discovery was mentioned in Phreesia’s advisory, a healthcare software as a service (SaaS) provider. The provider explained to the potentially affected individuals that their personal and health data was exposed in a May breach of its subsidiary ConnectOnCall, which it bought in October 2023.
The ConnectOnCall breach has put every caller’s data at risk.
The ConnectOnCall breach has a widespread impact since it is a telemedicine platform and after-hours answering service that aids healthcare practitioners with automated patient call tracking.
Research indicated that between February 16, 2024, and May 12, 2024, an unknown third party acquired access to ConnectOnCall and specific data within the app, including information in provider-patient communications.
After finding the intrusion, Phreesia contacted federal authorities and recruited an external security provider to study the nature and consequences of the breach. As a preventive measure, Phreesia took ConnectOnCall offline and has been attempting to restore the systems in a new, more secure environment.
While the notification does not provide the exact number of people affected, ConnectOnCall disclosed that the incident compromised the protected health information of approximately 914,138 patients.
Additionally, the confirmed compromised data during the almost three-month-long breach included names and phone numbers shared between patients and their healthcare providers. This data may have also included medical record numbers, dates of birth, information about health issues, treatments, or prescriptions, and, in a few circumstances.
The ConnectOnCall service is independent of Phreesia’s other offerings, such as its patient intake platform. Based on their findings so far, there is no evidence that the breach has impacted its other services.
The company also assured the public that they recognise the significance of this service to its client’s businesses. Hence, they are working extra hours to restore ConnectOnCall as soon as possible.
Potentially affected consumers should report suspected identity theft or fraud to their insurance, health plan, or financial institution, even if the company has no evidence that the attackers have misused the exposed personal information.
Users who may be among the 900,000 affected individuals should be wary of unsolicited communications. The actors may also use the breached data to execute other malicious activities, such as social engineering and phishing campaigns.
