- Healthcare software ConnectOnCall suffers data breach
- Accessed data on more than 900,000 patients in three months
- This puts patients at risk of identity theft
Software company Phreesia has notified 914,138 individuals that their personal and health information was exposed in a data breach in May 2023 after using its ConnectOnCall software, which provides after-hours calls between patients and doctors.
An investigation revealed that an unknown third party accessed ConnectOnCall data between February 16 and May 12, 2020, meaning sensitive provider-patient communications were compromised – including medical records, prescription information, all Names and phone numbers, including a “small number” of Social Security numbers, were also exposed.
The incident has caused the ConnectOnCall service to be taken offline until the service can be fully assessed and restored, and Phreesia is working with law enforcement to determine the potential impact.
Risks to patients
ConnectOnCall already offers identification and credit monitoring services, but only to customers who have exposed their Social Security numbers. For customers not included, Best Identity Theft Protection Might be of some help.
While there is no evidence of malicious activity related to this leak so far, unknown actors accessing health data always poses a significant risk.
“The ConnectOnCall service remains offline and we are working to assess the potential impact and restore service,” the company’s statement said.
“While ConnectOnCall is not aware of any misuse of personal information or harm to patients resulting from this incident, potentially affected individuals are encouraged to remain vigilant and report any suspected identity theft or fraud to your health plan or insurance company or financial institution. “
This news is the latest in a series Healthcare Breaches in 2024Cybercriminals target this industry due to the sensitivity of the data stored and the critical nature of the services provided.