Healthcare software program as a service (SaaS) firm Phreesia is notifying over 910,000 those that their private and well being information was uncovered in a Could breach of its subsidiary ConnectOnCall, acquired in October 2023.
ConnectOnCall is a telehealth platform and after-hours on-call answering service with automated affected person name monitoring for healthcare suppliers.
“On May 12, 2024, ConnectOnCall learned of an issue impacting ConnectOnCall and immediately began an investigation and took steps to secure the product and ensure the overall security of its environment,” the corporate revealed.
“ConnectOnCall’s investigation revealed that between February 16, 2024, and May 12, 2024, an unknown third party had access to ConnectOnCall and certain data within the application, including certain information in provider-patient communications.”
After discovering the breach, Phreesia notified federal regulation enforcement of the incident and employed exterior cybersecurity specialists to research its nature and impression.
Phreesia additionally took ConnectOnCall offline and has since been working to revive the methods inside a brand new and safer setting.
Whereas the assertion does not embody the whole variety of folks impacted, ConnectOnCall informed the U.S. Division of Well being and Human Providers that the breach affected the protected well being info of 914,138 sufferers.
​The non-public info uncovered through the virtually three-month-long breach consists of info shared in communications between sufferers and their healthcare suppliers, resembling names and telephone numbers.
This will likely have additionally included medical document numbers, dates of start, in addition to info associated to well being situations, remedies, or prescriptions, and, in a small variety of circumstances, the affected people’ Social Safety Numbers.
“The ConnectOnCall service is separate from Phreesia’s other services, including our patient intake platform. Based on our investigation to date, there is no evidence that our other services have been affected,” Phreesia stated in a separate assertion on its official web site.
“We understand the importance of this service to our clients’ business, and we are working to restore the ConnectOnCall service as quickly as possible.”
Phreesia additionally suggested doubtlessly impacted people to report suspected id theft or fraud to their insurer, well being plan, or monetary establishment, regardless that the corporate has no proof that the uncovered private info has been misused.
