More than 910,000 patients at risk after ConnectOnCall health data breach

Health care software provider Phreesia has revealed that its ConnectOnCall service was hit by a data breach that lasted from Feb. 16 to May 12, 2024. During this time, an unknown hacker gained access to the platform and pulled data from provider-patient communications. ConnectOnCall helps health care providers handle after-hours communication and automate patient call tracking.

Phreesia, which bought ConnectOnCall in October 2023, discovered the breach on May 12 and says it jumped into action right away. The company brought in external cybersecurity pros to lock down the platform and reported the breach to federal law enforcement.

Phreesia claims its other services, like the patient intake platform, were not affected. The company has since taken ConnectOnCall offline and is working on bringing it back in a more secure setup.

We reached out to ConnectOnCall for a comment but did not hear back by our deadline.

Phreesia has mailed notification letters to all affected individuals for whom health care providers had valid mailing addresses as of Dec. 11, 2024. For those whose Social Security numbers were exposed, the company is offering identity and credit monitoring services.

1) Regularly monitor your financial and medical accounts: Periodically review your medical records and health insurance statements for any unusual or unauthorized activity. This can help you quickly identify and address any discrepancies or fraudulent activities.

Use patient portals provided by health care providers to access your medical records online. These portals often have features that allow you to track your medical history and appointments. 

4) Don't fall for phishing scams; use strong antivirus software: Be mindful of the information you share online and with whom you share it. Avoid providing sensitive personal information, such as Social Security numbers or medical details, unless absolutely necessary. Verify the legitimacy of any requests for personal information. Scammers often pose as health care providers or insurance companies to trick you into revealing sensitive data by asking you to click on links in emails or messages.  

6) Freeze your credit: A credit freeze prevents anyone from opening new credit accounts in your name without your authorization, reducing the risk of identity theft. Contact the major credit bureaus (Experian, Equifax and TransUnion) to request a credit freeze. This is often free and can be temporarily lifted when you need to apply for credit.

The ConnectOnCall health data breach highlights the critical need for robust cybersecurity measures within the health care sector, where the stakes are often much higher than in other industries. With over 910,000 patients affected, this incident shows the serious risks posed by cyberattacks on health care platforms. Sensitive data like medical records and Social Security numbers are permanent and can be misused for identity theft and fraud. If you were impacted, stay vigilant by monitoring your accounts, enabling fraud alerts and considering identity theft protection services. 

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2024 CyberGuy.com. All rights reserved.