ConnectOnCall Exposes Personal and Health Data of over 914k Patients. Featured
ConnectOnCall leaves patients to fend for themselves in wake of data breach that exposed identities of over 914k patients.
A class action lawsuit was recently filed against ConnectOnCall after it revealed that its systems were breached during a cyberattack that took place in May, 2024. The lawsuit alleges that ConnectOnCall was negligent in its failure to adequately secure its network according to industry standard guidelines.
About ConnectOnCall
ConnectOnCall.com, LLC , a subsidiary of Phreesiaprovides a product (“ConnectOnCall”) that healthcare providers purchase to improve their after-hours call process and enhance communications between the providers and their patients.
What Happened?
According to the Notice Letter being distributed to patients affected by the breach, on May 12, 2024, ConnectOnCall learned of an issue impacting its network. As soon as it learned of the issue, it engaged the services of third-party cybersecurity specialists, notified law-enforcement and immediately began an investigation.
The investigation revealed that between February 16, 2024, and May 12, 2024, an unknown third party had access to ConnectOnCall and certain data within the application, including certain information in provider-patient communication.
While the Notice Letter doesn’t include the total number of people impacted, ConnectOnCall told the U.S. Department of Health and Human Services that the breach affected the protected health information of 914,138 patients.
What Information was Stolen?
The personal information exposed during the almost three-month-long breach includes information shared in communications between patients and their healthcare providers, such information may have included –
- Name
- phone numbers
- date of birth
- Social Security number
- medical record numbers
- information related to health conditions, treatments or prescriptions
On December 13, 2024, ConnectOnCall.com sent out data breach letters to anyone who was affected by the data breach. These letters should provide victims with a list of what information belonging to them was compromised.
What is ConnectOnCall Doing To Protect My Identity?
According to the Notice Letters being mailed to affected patients, ConnectOnCall is NOT offering identity theft protection services. Instead it is asking affected individuals to always remain vigilant for incidents of fraud and identity theft, including by regularly reviewing your account statements and monitoring credit reports. If you discover any suspicious or unusual activity on your accounts or suspect identity theft or fraud, be sure to report it immediately to your financial institutions.
The lawsuit seeks, in addition to damages, lifetime identity theft protection for those affected by the data breach.
What Can Hackers Do With My Information?
Stolen PII and PHI can be used to commit identity theft, open new credit accounts, make unauthorized purchases or obtain loans. Cybercriminals have recently targeted America’s essential industries and in so doing have forced millions of Americans to face the fallout from these attacks.
Leaked or stolen data can be sold on the dark web forums and may be used for fraud and medical identity theft, a type of fraud, where threat actors use stolen information to submit forged claims to insurers.
Clients affected by the breach are exposed to a heightened and imminent risk of fraud and identity theft. They must now and in the future closely monitor their financial accounts to guard against identity theft and fraud.
If you receive a data breach notification from ConnectOnCall it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options at no cost to you. For more information, please review these recommendations.
Protect Your Identity. Join the ConnectOnCall Data Breach Class Action.
The lawsuit alleges that ConnectOnCall breached its duties under common law and the Federal Trade Commission Act to implement reasonable security measures, comply with industry standards and federal data-security regulations, encrypt sensitive data, and provide adequate and timely notice of the breach.
If you receive a notification letter from ConnectOnCall you are at permanent risk of identity theft and the devastating financial and legal consequences that go along with it.
You may be eligible to participate in a class action lawsuit to recover compensation for loss of privacy, time spent dealing with the breach, out-of-pocket costs, and identity theft protection services.
The lawsuit looks to cover anyone in the USA whose private information was compromised by the breach announced by ConnectOnCall on December 13th, 2024.
Please complete the form shown on this page and a data breach attorney will contact you. There is no cost to you.