A security breach has exposed sensitive personal and health records of nearly a million Americans.
The doctor-patient communications platform ConnectOnCall, owned by health tech firm Phreesia, says 914,138 users are affected, according to data from the U.S. Department of Health and Human Services Office for Civil Rights
In a statement, the firm says the breach exposed records shared in communications between doctors and patients including full names, phone numbers, dates of birth, health conditions, treatments, medications as well as Social Security numbers.
"ConnectOnCall's investigation revealed that between February 16, 2024, and May 12, 2024, an unknown third party had access to ConnectOnCall and certain data within the application, including certain information in provider-patient communications...
ConnectOnCall took the ConnectOnCall product offline and has been working through a phased restoration of the product in a new, more secure environment."
ConnectOnCall allows patients to contact their doctors via text, phone call or telehealth for concerns about prescriptions, lab results and other medical issues.
The firm sent letters to affected users earlier this month to shed light on the security incident while offering identity and credit monitoring services to individuals whose Social Security numbers were stolen.
ConnectOnCall says users should stay alert and immediately report any suspicious activity related to identity theft or healthcare fraud.