Data breaches are becoming an alarming trend, and medical incidents stand out for their potentially lifelong effects. We just reported how a data breach occurred at a physician-led hospital Vein center exposes data of about 500,000 people to hackers. And now, another healthcare data breach has come to light, and this one is affecting even more people. The data breach exposed sensitive personal and medical information belonging to more than 910,000 patients through ConnectOnCall, a telemedicine platform and after-hours call service owned by Phreesia.
Get security alerts, tips from experts – Sign up for Cart Newsletter – Cyber Guy Report here
Medical professional working on laptop (Kurt “Cyber Guy” Knutson)
What you need to know
Healthcare software provider Phreesia has revealed that its ConnectOnCall service suffered a data breach that lasted from February 16, 2024 to May 12, 2024. During this time, unknown hackers gained access to the platform and extracted data from provider and patient communications. ConnectOnCall helps healthcare providers handle after-hours communications and automate patient call tracking.
Freesia, which acquired ConnectOnCall in October 2023, said it discovered the breach on May 12 and took immediate action. The company brought in outside cybersecurity experts to lock down its platform and reported the breach to federal law enforcement.
“On May 12, 2024, ConnectOnCall became aware of an issue impacting ConnectOnCall and immediately began an investigation and took steps to protect our products and ensure the security of our entire environment,” the company said. I am. revealed in a press release.
The breach affected 914,138 patients, according to a report filed with the U.S. Department of Health and Human Services. peepee computer). Stolen data includes names, phone numbers, medical record numbers, dates of birth, and details about health conditions, treatments, and prescriptions. In some cases, social security numbers were also compromised.
Phreesia claims that other services, such as its patient intake platform, were not affected. The company has since taken ConnectOnCall offline and is working to restore it to more secure settings.
ConnectOnCall did not respond to a request for comment by deadline.
![ConnectOnCall health data breach puts over 910,000 patients at risk](https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/12/1200/675/2-over-910000-patients-at-risk-after-connectoncall-health-data-breach-body.jpg?ve=1&tl=1)
emergency room sign (Kurt “Cyber Guy” Knutson)
Understanding brushing scams and how to protect yourself
Risks associated with ConnectOnCall data breaches
Because medical data is highly sensitive, the impact of this breach is significant. Unlike financial breaches, where compromised accounts can be frozen or replaced, health information is permanent and highly sought after on the dark web. Cybercriminals can exploit this data to commit crimes. identity theftincluding fraudulently obtaining prescription drugs and filing false insurance claims.
Additionally, detailed publicly available health information, such as diagnoses, treatments, and medications, can be used for targeted purposes. Phishing attack. Scammers can exploit a victim’s medical history to create a very convincing plan and increase their chances of success.
Phreesia mailed notification letters to all affected individuals for whom a healthcare provider had a valid address as of December 11, 2024. For people whose Social Security numbers have been compromised, the company offers identity and credit monitoring services.
![ConnectOnCall health data breach puts over 910,000 patients at risk](https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/12/1200/675/3-over-910000-patients-at-risk-after-connectoncall-health-data-breach-outro.jpg?ve=1&tl=1)
doctor writing notes (Kurt “Cyber Guy” Knutson)
Cyber crooks use AI to manipulate Google search results
7 ways to protect yourself from such data breaches
1) Regularly monitor your financial and medical accounts. Regularly review your medical records and health insurance statements for unusual or fraudulent activity. This helps quickly identify and address discrepancies and fraud.
Access your medical records online using a patient portal provided by your healthcare provider. These portals often have features that allow you to track your medical history and appointments.
2) Use strong passwords and two-factor authentication (2FA). Create strong, unique passwords for your online accounts, including your healthcare portal. Avoid using information that is easy to guess, such as birthdays or common words. Please consider using . password manager Generate and save complex passwords.
3) Enable two-factor authentication As far as possible: 2FA adds an extra layer of security by requiring a second form of authentication in addition to a password, such as a text message code or an authenticator app.
4) Don’t fall for phishing scams. Use strong antivirus software: Be careful about the information you share online and with whom you share it. Do not provide sensitive personal information, such as social security numbers or medical details, unless absolutely necessary. Verify the validity of requests for personal information. Scammers often pose as healthcare providers or insurance companies and ask you to click on a link in an email or message to reveal sensitive data.
The best way to protect yourself from malicious links is to install antivirus software on all your devices. This protection also warns you about phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best antivirus protection products of 2024 for Windows, Mac, Android, and iOS devices.
5) Use identity theft prevention services: Consider signing up for an identity theft protection service that monitors your personal information and alerts you to potential threats. These services can help you detect and respond to identity theft more quickly. Some identity theft protection services also offer identity theft recovery insurance and assistance for added peace of mind. Check out our tips and recommendations on how to protect yourself from identity theft.
6) Freeze your credits: A credit freeze prevents someone from opening new credit accounts in your name without your permission, reducing the risk of identity theft. Contact the major credit bureaus (Experian, Equifax, TransUnion) and request a credit freeze. This is often free and may be temporarily lifted if you need to apply for credit.
7) Delete your personal data from the internet. After being involved in a data breach, it’s important to minimize your online presence to reduce the risk of future fraud. Consider using a personal data deletion service that can remove your information from various websites and data brokers. This greatly reduces the possibility of your data being misused. Check out the data deletion services I recommend here.
Prevent people nearby from hearing your voicemails with this simple tip
Cart important points
The ConnectOnCall healthcare data breach highlighted the critical need for robust cybersecurity measures in the healthcare sector, where the risks are much higher than in other industries. This incident, which affected more than 910,000 patients, illustrates the serious risks posed by cyberattacks on healthcare platforms. Sensitive data such as medical records and social security numbers are permanent and can be exploited for identity theft and fraud. If you have been affected, please remain vigilant by monitoring your accounts, enabling fraud alerts, and considering identity theft protection services.
Do you think healthcare providers should face stricter regulations to protect sensitive patient information? Email us at. Cyberguy.com/Contact.
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report newsletter using the link below. Cyberguy.com/Newsletter.
Ask Kurt a question or let us know your story you’d like us to cover.
Follow Kurt on his social channels.
Answers to CyberGuy frequently asked questions:
New from cart:
Copyright 2024 CyberGuy.com. Unauthorized reproduction is prohibited.