ConnectOnCall Faces Large-scale Data Breach
Nearly a million people may have had their confidential personal and medical data swiped from ConnectOnCall's systems, courtesy of a data breach reported in May. ConnectOnCall, a subsidiary of Phreesia, is a digital answering service purveyor facilitating healthcare providers to manage patient calls after office hours.
The Personal and Health Data Compromise
Escalating the severity of the breach is a broad spectrum of information, ranging from basic patient details such as names, phone numbers, and dates of birth, to more sensitive data including health conditions, treatments, prescriptions, and in some instances, Social Security numbers. This information is typically conveyed between patients and doctors who took advantage of ConnectOnCall's services.
Although Phreesia refrained from specifying a headcount, the U.S. Department of Health and Human Services was informed that 914,138 individuals were being alerted about the potential theft of their information. According to the official data breach statistics, the intrusion at ConnectOnCall was the healthcare sector's 14th largest data violation in 2024.
Announcement of the Security Incident and Subsequent Actions
The security breach came to light on May 12, 2024, when ConnectOnCall realized an issue affecting its service. Swift action followed as an immediate investigation was launched to resolve the issue and gauge its extent, while steps to secure their product and overall surroundings were taken. The findings unveiled that an unidentified external entity had access to the application and patient-provider communications data from February 16 through May 12, 2024.
To fully comprehend the incident's magnitude and affected information, ConnectOnCall brought external cybersecurity experts on board. Simultaneously, measures were being implemented to enhance their security controls to deter future breaches. Following the detection of the breach, the ConnectOnCall service was taken offline and a phased restoration plan was put into motion in a reinforced secure environment. Federal law enforcement was also informed of the incident.
Potential victims of this breach, albeit ConnectOnCall has no knowledge of any misuse of the pilfered information or harm caused to patients, are urged to stay cautious and report any suspicious identity theft or fraudulent activity to their health plan, insurer, or financial institution.
On December 11, 2024, ConnectOnCall mailed notification letters to the current addresses provided by the compromised healthcare providers of all potentially impacted individuals. The letters contained details of the incident alongside an offer for identity and credit monitoring services through Kroll. Affected individuals were specifically targeted when Social Security numbers were involved.
Individuals seeking further information about this incident can call ConnectOnCall toll-free at (866) 997-4596, available Monday through Friday from 8:00 a.m. to 5:30 p.m. Central Time.
Recommended Comments
There are no comments to display.
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now