ConnectOnCall Data Breach Affects Over 900,000 People

Threat Actor: Unknown
Victim: ConnectOnCall
Price: Not disclosed
Exfiltrated Data Type: Personal and medical information

Key Points:

  • ConnectOnCall is a telehealth platform that experienced a data breach affecting over 900,000 individuals.
  • The breach exposed personal information including names, phone numbers, and possibly Social Security numbers.
  • Data was accessed by an unknown third party between February 16, 2024, and May 12, 2024.
  • The company took its product offline and hired cybersecurity experts to investigate the breach.
  • Impacted individuals were offered identity and credit monitoring services.
  • ConnectOnCall notified law enforcement and began informing affected individuals on December 11, 2024.

ConnectOnCall disclosed a data breach impacting over 900,000 individuals, exposing their personal information.

ConnectOnCall is a telehealth platform and after-hours on-call answering service designed to enhance communication between healthcare providers and patients. It offers automated patient call tracking, HIPAA-compliant chat, and integrates with electronic health record (EHR) systems to streamline after-hours calls and care coordination.

The company disclosed a data breach that exposed personal information and medical information of more than 900,000 individuals.

The company discovered the security breach on May 12 and promptly began investigating the incident.

The company discovered that between February 16, 2024, and May 12, 2024, an unknown third party had access to ConnectOnCall and certain data within the application, including certain information in provider-patient communications.

ConnectOnCall hired cybersecurity experts, took its product offline, and began restoring it in a secure environment. Federal law enforcement was also notified.

The breach may have exposed names, phone numbers, and possibly dates of birth, Social Security numbers, medical record numbers, and health-related information such as health conditions, treatments, or prescriptions.

“While ConnectOnCall is not aware of any misuse of personal information or harm to patients as a result of this incident, potentially impacted individuals are encouraged to remain vigilant and report any suspected identity theft or fraud to your health plan or insurer, or financial institution,” reads the Notice of Data Security Incident.

The company notified law enforcement and started notifying impacted individuals, offering them identity and credit monitoring services.

“ConnectOnCall mailed notice letters to all potentially impacted individuals for whom the healthcare providers had current mailing addresses on December 11, 2024. The notice letter includes information about the incident and provides an offer for identity and credit monitoring services through Kroll for the limited number of individuals whose Social Security numbers were impacted,” concludes the notice.

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)

Original Source: https://securityaffairs.com/172053/data-breach/connectoncall-data-breach-impacted-over-900000-individuals.html