- Healthcare software ConnectOnCall suffered a data breach
- More than 900,000 patient data were consulted over three months
- This puts patients at risk of identity theft
Software company Phreesia has notified 914,138 individuals whose personal and health information was exposed in a data breach in May 2023 after they used its ConnectOnCall software, which provides an after-hours calling service between patients and doctors.
An investigation found that an unknown third party accessed ConnectOnCall data3 between February 16 and May 12, 2020, meaning sensitive communications between healthcare provider and patient were compromised – including medical records, prescription information, full names and phone numbers, with a ‘little number’. of social security numbers also exposed.
The incident has taken ConnectOnCall services offline until the service can be fully assessed and restored. Phreesia is working with police to determine the potential impact.
The risks for patients
ConnectOnCall has offered identity and credit monitoring services, but only to customers whose Social Security numbers have been made public. For those not included, the best identity theft protection can provide some help.
While there is no evidence of malicious activity associated with the breach to date, unknown actors with access to health data always pose a significant risk.
“The ConnectOnCall service remains offline and we are working hard to assess the potential impact and restore service,” the company’s statement said.
“While ConnectOnCall is not aware of any misuse of personal information or harm to patients as a result of this incident, potentially affected individuals are encouraged to remain vigilant and report suspected identity theft or fraud to your health plan, insurer or financial institution. ”
The news is the latest in a series of healthcare breaches in 2024, with cybercriminals targeting the sector thanks to the sensitive nature of the data stored and the critical nature of the service provided.