- Healthcare software ConnectOnCall hit with a data breach
- Over 900,000 patients data was accessed over three months
- This leaves patients at risk of identity theft
Software firm Phreesia has notified 914,138 individuals whose personal and health information was exposed by a data breach in May 2023 after using its ConnectOnCall software, which provides an after hours call service between patients and doctors.
An investigation has revealed an unknown third party had access to ConnectOnCall data between February 16 and May 12 20203, meaning sensitive provider-patient communications were compromised – including medical records, prescription information, full names, and phone numbers, with a ‘small number’ of social security numbers also exposed.
The incident has taken ConnectOnCall services offline until the service can be fully assessed and restored, and Phreesia is engaging with law enforcement to establish the potential impact.
The risks for patients
ConnectOnCall has offered identity and credit monitoring services, but only to the customers who have had social security numbers exposed For those not included, the best identity theft protection might be of some help.
Although there’s no evidence so far of malicious activity in connection with the breach, unknown actors accessing health data always poses significant risk.
“The ConnectOnCall service remains offline, and we are working diligently to assess the potential impact and restore the service,” the firm’s statement said.
“While ConnectOnCall is not aware of any misuse of personal information or harm to patients as a result of this incident, potentially impacted individuals are encouraged to remain vigilant and report any suspected identity theft or fraud to your health plan or insurer, or financial institution.”
The news is the latest in a series of healthcare breaches in 2024, with cybercriminals targeting the industry thanks to the sensitive nature of the data stored, and the critical nature of the service provided.
