ConnectOnCall Data Breach Exposes Health Records of Over 910,000 Patients

Dec 19, 2024

Incident Overview

ConnectOnCall Data Breach Exposes Health Records of Over 910,000 Patients Summary

On May 12, 2024, ConnectOnCall, a telehealth and automated patient call-tracking service, discovered unauthorized access to its systems. An investigation revealed that the breach spanned from February 16, 2024, to May 12, 2024, during which an unidentified third party accessed provider-patient communications.

Upon discovering the incident, Phreesia promptly took ConnectOnCall offline and enlisted external cybersecurity experts to assess the breach. Federal law enforcement was also notified.

Exposed Data

The breached data includes sensitive patient-provider communications. Specifically, the information compromised may include:

  • Names and phone numbers

  • Medical record numbers

  • Dates of birth

  • Health conditions, treatments, or prescriptions

  • Social Security Numbers (in limited cases)

A total of 914,138 patients were affected, as reported to the U.S. Department of Health and Human Services.

Response and Mitigation Efforts

Phreesia has taken steps to secure the ConnectOnCall service, rebuilding it in a new and more secure environment. The company has assured that the breach is isolated to ConnectOnCall and does not impact other Phreesia services, such as its patient intake platform.

Phreesia’s official statement emphasized their commitment to restoring the ConnectOnCall platform quickly and securely, noting, “We understand the importance of this service to our clients' business.”

Recommendations for Impacted Individuals

Although there is currently no evidence of misuse of the exposed data, Phreesia advises potentially impacted individuals to take precautions, including:

  • Monitoring their health insurance accounts for suspicious activity

  • Reporting potential identity theft or fraud to relevant institutions

  • Reviewing free credit monitoring or fraud protection services

Conclusion

The breach at ConnectOnCall highlights the risks associated with sensitive healthcare data in telehealth platforms. Phreesia’s efforts to address the issue underscore the importance of robust cybersecurity measures to protect patient information.

Summary:

Healthcare SaaS provider Phreesia has disclosed a significant data breach at its subsidiary, ConnectOnCall, affecting the personal and health data of over 910,000 patients. The breach, which occurred over a three-month period, exposed sensitive patient information, including medical details and, in some cases, Social Security Numbers.

Disclaimer: ClearPhish maintains a strict policy of not participating in the theft, distribution, or handling of stolen data or files. The platform does not engage in exfiltration, downloading, hosting, or reposting any illegally obtained information. Any responsibility or legal inquiries regarding the data should be directed solely at the responsible cybercriminals or attackers, as ClearPhish is not involved in these activities. We encourage parties affected by any breach to seek resolution through legal channels directly with the attackers responsible for such incidents.

Latest News

Hertz Data Breach 2025: Cleo Vulnerability Exposes Sensitive Customer Information
Hertz Data Breach 2025: Cleo Vulnerability Exposes Sensitive Customer Information
Hertz Data Breach 2025: Cleo Vulnerability Exposes Sensitive Customer Information
Hertz Data Breach 2025: Cleo Vulnerability Exposes Sensitive Customer Information

Hertz Data Breach 2025: Cleo Vulnerability Exposes Sensitive Customer Information

Hertz Data Breach 2025: Cleo Vulnerability Exposes Sensitive Customer Information

Hertz Data Breach 2025: Cleo Vulnerability Exposes Sensitive Customer Information

Hertz Data Breach 2025: Cleo Vulnerability Exposes Sensitive Customer Information

Apr 22, 2025

2025's Largest Supply Chain Hack: Oracle Cloud Breach Exposes 6M Records Across 140K+ Tenants
2025's Largest Supply Chain Hack: Oracle Cloud Breach Exposes 6M Records Across 140K+ Tenants
2025's Largest Supply Chain Hack: Oracle Cloud Breach Exposes 6M Records Across 140K+ Tenants
2025's Largest Supply Chain Hack: Oracle Cloud Breach Exposes 6M Records Across 140K+ Tenants

2025's Largest Supply Chain Hack: Oracle Cloud Breach Exposes 6M Records Across 140K+ Tenants

2025's Largest Supply Chain Hack: Oracle Cloud Breach Exposes 6M Records Across 140K+ Tenants

2025's Largest Supply Chain Hack: Oracle Cloud Breach Exposes 6M Records Across 140K+ Tenants

2025's Largest Supply Chain Hack: Oracle Cloud Breach Exposes 6M Records Across 140K+ Tenants

Mar 27, 2025

Elon Musk Claims X Hit by Massive Cyberattack from 'Ukraine Area' – Platform Disrupted
Elon Musk Claims X Hit by Massive Cyberattack from 'Ukraine Area' – Platform Disrupted
Elon Musk Claims X Hit by Massive Cyberattack from 'Ukraine Area' – Platform Disrupted
Elon Musk Claims X Hit by Massive Cyberattack from 'Ukraine Area' – Platform Disrupted

Elon Musk Claims X Hit by Massive Cyberattack from 'Ukraine Area' – Platform Disrupted

Elon Musk Claims X Hit by Massive Cyberattack from 'Ukraine Area' – Platform Disrupted

Elon Musk Claims X Hit by Massive Cyberattack from 'Ukraine Area' – Platform Disrupted

Elon Musk Claims X Hit by Massive Cyberattack from 'Ukraine Area' – Platform Disrupted

Mar 12, 2025

Bybit Suffers Historic $1.5 Billion Ethereum Heist
Bybit Suffers Historic $1.5 Billion Ethereum Heist
Bybit Suffers Historic $1.5 Billion Ethereum Heist
Bybit Suffers Historic $1.5 Billion Ethereum Heist

Bybit Crypto Exchange Hit by $1.5 Billion Ethereum Hack – Largest Digital Heist in History

Bybit Crypto Exchange Hit by $1.5 Billion Ethereum Hack – Largest Digital Heist in History

Bybit Crypto Exchange Hit by $1.5 Billion Ethereum Hack – Largest Digital Heist in History

Bybit Crypto Exchange Hit by $1.5 Billion Ethereum Hack – Largest Digital Heist in History

Feb 25, 2025

Harley-Davidson Data Breach: Over 66,700 Customer Records Exposed by Cybercriminals
Harley-Davidson Data Breach: Over 66,700 Customer Records Exposed by Cybercriminals
Harley-Davidson Data Breach: Over 66,700 Customer Records Exposed by Cybercriminals
Harley-Davidson Data Breach: Over 66,700 Customer Records Exposed by Cybercriminals

Harley-Davidson Data Breach: Over 66,700 Customer Records Exposed by Cybercriminals

Harley-Davidson Data Breach: Over 66,700 Customer Records Exposed by Cybercriminals

Harley-Davidson Data Breach: Over 66,700 Customer Records Exposed by Cybercriminals

Harley-Davidson Data Breach: Over 66,700 Customer Records Exposed by Cybercriminals

Feb 12, 2025

Cybercriminal Claims to Have Stolen Waze User Data, Including GPS Locations
Cybercriminal Claims to Have Stolen Waze User Data, Including GPS Locations
Cybercriminal Claims to Have Stolen Waze User Data, Including GPS Locations
Cybercriminal Claims to Have Stolen Waze User Data, Including GPS Locations

Cybercriminal Claims to Have Stolen Waze User Data, Including GPS Locations

Cybercriminal Claims to Have Stolen Waze User Data, Including GPS Locations

Cybercriminal Claims to Have Stolen Waze User Data, Including GPS Locations

Cybercriminal Claims to Have Stolen Waze User Data, Including GPS Locations

Feb 12, 2025

Get updates in your inbox directly

You are now subscribed.

Get updates in your inbox directly

You are now subscribed.

Get updates in your

inbox directly

You are now subscribed.

Get updates in your inbox directly

You are now subscribed.

Enable your employees as first line of defense and expand your digital footprints without any fear.

Enable your employees as first line of defense and expand your digital footprints without any fear.

Enable your employees as first line of defense and expand your digital footprints without any fear.

Enable your employees as first line of defense and expand your digital footprints without any fear.