Data Breach Hits Telehealth Platform, Affects Over 910,000 Patients
Data breaches are becoming an alarmingly common occurrence, and the latest one to come to light is a particularly concerning one. A data breach at ConnectOnCall, a telehealth platform and after-hours call service owned by Phreesia, has exposed sensitive personal and medical information belonging to over 910,000 patients.
The breach, which lasted from February 16 to May 12, 2024, allowed an unknown hacker to gain access to provider-patient communications. Phreesia, which acquired ConnectOnCall in October 2023, discovered the breach on May 12 and immediately took action to secure the platform and report it to federal law enforcement.
The stolen data includes names, phone numbers, medical record numbers, dates of birth, and details about health conditions, treatments, or prescriptions. In a few cases, Social Security numbers were also compromised. Phreesia is mailing notification letters to all affected individuals, and those whose Social Security numbers were exposed are being offered identity and credit monitoring services.
The risks associated with this breach are significant. Unlike financial breaches, where compromised accounts can be frozen or replaced, health information is permanent and highly sought after on the dark web. Cybercriminals may exploit this data to commit identity theft, obtain prescription drugs fraudulently, or file false insurance claims.
To keep yourself safe from such data breaches, consider the following:
1. Regularly monitor your financial and medical accounts for any unusual or unauthorized activity.
2. Use strong passwords and two-factor authentication.
3. Enable two-factor authentication wherever possible.
4. Don’t fall for phishing scams and use strong antivirus software.
5. Use identity theft protection services.
6. Freeze your credit.
7. Remove your personal data from the internet.
The ConnectOnCall data breach highlights the need for robust cybersecurity measures within the healthcare sector, where the stakes are often much higher than in other industries. As the most affected individuals, it is crucial for those impacted to stay vigilant and monitor their accounts, enable fraud alerts, and consider identity theft protection services.