Pierluigi Paganini December 16, 2024

ConnectOnCall disclosed a data breach impacting over 900,000 individuals, exposing their personal information.

ConnectOnCall is a telehealth platform and after-hours on-call answering service designed to enhance communication between healthcare providers and patients. It offers automated patient call tracking, HIPAA-compliant chat, and integrates with electronic health record (EHR) systems to streamline after-hours calls and care coordination.

The company disclosed a data breach that exposed personal information and medical information of more than 900,000 individuals.

The company discovered the security breach on May 12 and promptly began investigating into the incident.

The company discovered that between February 16, 2024, and May 12, 2024, an unknown third party had access to ConnectOnCall and certain data within the application, including certain information in provider-patient communications.

ConnectOnCall hired cybersecurity experts, took its product offline, and began restoring it in a secure environment. Federal law enforcement was also notified.

The breach may have exposed names, phone numbers, and possibly dates of birth, Social Security numbers, medical record numbers, and health-related information such as health conditions, treatments, or prescriptions.

“While ConnectOnCall is not aware of any misuse of personal information or harm to patients as a result of this incident, potentially impacted individuals are encouraged to remain vigilant and report any suspected identity theft or fraud to your health plan or insurer, or financial institution.” reads the Notice of Data Security Incident.

The company notified law enforcement and started notifying impacted individuals offering them identity and credit monitoring services.

“ConnectOnCall mailed notice letters to all potentially impacted individuals for whom the healthcare providers had current mailing addresses on December 11, 2024. The notice letter includes information about the incident and provides an offer for identity and credit monitoring services through Kroll for the limited number of individuals whose Social Security numbers were impacted.” concludes the notice.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)