The healthcare communication platform ConnectOnCall, operated by ConnectOnCall.com, LLC, has confirmed a significant data breach that compromised the personal information of 900,000 patients and healthcare providers.
The platform, designed to streamline after-hours communications between patients and healthcare providers, discovered the breach in May of this year.
The breach was identified on May 12, 2024, prompting an immediate investigation by the company. Preliminary findings revealed that between February 16, 2024, and May 12, 2024, an unknown third party illicitly accessed the platform and sensitive data within its application.
The exposed data is believed to include patient-provider communications, containing names, phone numbers, medical record numbers, dates of birth, and details related to health conditions, treatments, and prescriptions. In a limited number of cases, Social Security Numbers (SSNs) were also impacted.
2024 MITRE ATT&CK Evaluation Results Released for SMEs & MSPs -> Download Free Guide
Swift Company Response and Investigation
ConnectOnCall promptly secured its systems, taking the platform offline to prevent further data exposure.
The company enlisted external cybersecurity specialists to conduct a comprehensive investigation, identify the extent of the breach, and bolster its security infrastructure to protect against future incidents.
In addition, federal law enforcement was notified, and the company has committed to cooperating fully with authorities.
According to the YahooFinance report, ConnectOnCall has since been implementing a phased restoration of its platform in a more secure environment to ensure the safety of its users going forward.
Notifications and Support for Affected Individuals
As of December 11, 2024, ConnectOnCall began notifying all individuals potentially impacted by the breach via mail, provided their current mailing addresses were available.
For those whose SSNs were involved, the company is offering complimentary identity and credit monitoring services through Kroll, a leading risk consulting and intelligence firm, to help safeguard affected individuals against identity theft and fraud.
ConnectOnCall has urged all users to remain vigilant, monitor their personal information, and report any suspicious activities to their healthcare providers, insurers, or financial institutions.
Although ConnectOnCall has stated that it is unaware of any misuse of the exposed data at this time, the company’s CEO commented: “We are deeply sorry for any inconvenience caused. We are committed to ensuring the safety and trust of all those who rely on ConnectOnCall for critical communication.”
This incident raises fresh concerns about the vulnerability of sensitive healthcare data, underscoring the urgent need for advanced cybersecurity measures across all industries handling personal information.
Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free
