ConnectOnCall Breach Exposes Over 910,000 Patients' Data

2024-12-17

Discover the critical importance of securing telehealth platforms and how breaches can impact patient trust and data integrity.

 

The breach of ConnectOnCall, a telehealth subsidiary of Phreesia, exposed the personal and health data of over 910,000 patients between February and May 2024. The breach involved unauthorized access to provider-patient communications, revealing sensitive information such as names, phone numbers, and health-related details. Following the incident, Phreesia involved law enforcement, engaged cybersecurity experts, and took ConnectOnCall offline to enhance its security. They assured that their other services remain unaffected and advised impacted individuals to monitor for potential identity theft.

 

Key Facts

Risks:

Sensitive Data, Third-Party Vendor/SaaS

Keywords:

ConnectOnCall, Phreesia, Data Breach, Telehealth Security, Patient Data Exposure

CVE:

N/A

Affected:

ConnectOnCall, Phreesia, U.S. Department of Health and Human Services

 

Article Body

ConnectOnCall Data Breach Exposes Patient Information

Healthcare SaaS provider Phreesia has announced that over 910,000 patients had their personal and health data exposed due to a breach at its subsidiary, ConnectOnCall. This platform, specializing in telehealth services and after-hours patient communication, was compromised between February and May 2024.

Breach Discovery and Response

On May 12, 2024, ConnectOnCall detected unauthorized access to its systems and immediately initiated an investigation. They took steps to secure their platform and engaged external cybersecurity experts to assess the breach's scope and impact. Phreesia promptly informed federal law enforcement about the incident and began efforts to restore ConnectOnCall's services securely.

Impact on Patient Data

The breach exposed sensitive information shared between patients and healthcare providers. This included names, phone numbers, medical record numbers, birth dates, and details related to health conditions and treatments. In some instances, Social Security Numbers were also compromised. Despite the data exposure, Phreesia has no evidence of misuse but advises vigilance against identity theft.

Assurance and Next Steps

Phreesia emphasized that the breach did not affect its other services, such as its patient intake platform. The company is focused on restoring ConnectOnCall services swiftly and securely to maintain client trust and service continuity. They encourage affected individuals to report any suspicious activity to their financial and healthcare institutions.

 

Read More

https://www.bleepingcomputer.com/news/security/connectoncall-breach-exposes-health-data-of-over-910-000-patients/