December 16, 2024
Have you ever called your doctor’s office after hours and been connected to a digital answering service? If so, you might be one of the almost 1 million individuals whose personal and health information was stolen in a May data breach involving ConnectOnCall.
ConnectOnCall is a digital answering service owned by healthcare tech company Phreesia. The service allows patients to leave messages for their doctors’ offices after hours, which are then reviewed and responded to by medical staff during working hours.
What Happened in the Data Breach
In May 2024, ConnectOnCall suffered a data breach that involved sensitive information shared between patients and doctor’s offices. The breached data includes:
- Patient names: Those affected may have had their names compromised.
- Phone numbers: Patients’ phone numbers were also exposed in the breach.
- Dates of birth: This personal information was accessed by hackers.
- Health conditions, treatments, and prescriptions: Confidential medical information was stolen.
- Social Security numbers: In some cases, Social Security numbers were swiped by hackers.
Phreesia, the owner of ConnectOnCall, notified the U.S. Department of Health and Human Services that it would be notifying 914,138 people about the breach.
ConnectOnCall’s Response
While Phreesia did not provide an exact number of affected individuals, the company acknowledged the breach and assured patients that it was taking steps to prevent future incidents.
"We take the security of our customers’ data seriously and are committed to protecting their sensitive information," a spokesperson for ConnectOnCall said in a statement. "We have notified those affected and are working closely with law enforcement to investigate this incident."
The Impact on Healthcare
This breach is the 14th largest healthcare-related data breach of 2024, according to the government’s ongoing data breach count.
The consequences of such breaches can be severe for patients, including:
- Identity theft: Stolen Social Security numbers and other personal information can be used by hackers to commit identity theft.
- Medical identity theft: Compromised medical records can be used to access healthcare services or obtain prescription medication.
- Financial loss: Patients may incur costs associated with correcting their credit reports, notifying creditors, and replacing identification documents.
What Can You Do?
If you are one of the affected individuals, follow these steps:
- Monitor your accounts: Keep a close eye on your financial statements and credit reports for any suspicious activity.
- Change passwords: Update your passwords for all online accounts to prevent unauthorized access.
- Notify creditors: Inform your creditors about the breach and request that they take action to protect your identity.
- Consider a credit freeze: Placing a credit freeze can help prevent hackers from opening new accounts in your name.
By taking these precautions, you can minimize the risk of financial loss or identity theft resulting from the ConnectOnCall data breach.
Stay Informed
To stay up-to-date on the latest news and trends in cybersecurity, subscribe to TechCrunch’s Daily News, AITechCrunch, and Space newsletters.
By submitting your email address, you agree to ourTermsandPrivacy Notice.
Related Stories
- Hackers found a way to remotely unlock, start, and track millions of Subarus: Rebecca Bellan (2 hours ago)
- Biotech & Health: Neko, the body-scanning startup co-founded by Spotify’s Daniel Ek, snaps up $260M at a $1.8B valuation: Ingrid Lunden (12 hours ago)
- In Brief: Raymond Tonsing’s Caffeinated Capital seeks $400M for fifth fund: Marina Temkin (16 hours ago)
Latest in Security
- Trump administration fires members of cybersecurity review board in ‘horribly shortsighted’ decision: Lorenzo Franceschi-Bicchierai (1 day ago)
- In Brief: Conduent confirms outage was due to a cybersecurity incident: Carly Page (1 day ago)
What PowerSchool isn’t saying about its ‘massive’ student data breach: Carly Page (1 day ago)
