Data breaches are becoming an alarming trend. And health care events are notable for their potentially fatal consequences. I recently reported a data breach by a doctor. The vein center exposed nearly half a million people to hackers.– And now, there’s been another healthcare data breach. And this problem affects more people. Data breach exposes sensitive personal and medical information of more than 910,000 patients through ConnectOnCall It is Phreesia’s telehealth platform and after-hours call service.
Receive security alerts EXPERT TIP – SUBSCRIBE TO THE KURT NEWSLETTER – CYBERGUY REPORT HERE
Professional doctor working on laptop (Kurt “Cyber Guy” Nutsson)
What you need to know
Phreesia, a healthcare software provider, has revealed that its service ConnectOnCall was affected by a data breach that lasted from February 1, 16 to May 12, 2024, during this time period An unknown hacker gained access to the platform and extracted data from communications between providers and patients. ConnectOnCall It helps healthcare providers manage after-hours communications and automatically track patient calls.
Phreesia, which bought ConnectOnCall in October 2023 discovered the breach on May 12 and said it immediately began taking action. The company brought in outside cybersecurity experts to lock down the platform and report breaches to federal law enforcement.
“On May 12, 2024, ConnectOnCall Know the problems that affect ConnectOnCall and immediately began investigating and taking steps to secure the product and ensure the overall safety of the environment.” The company Revealed in a press release–
According to a report filed with the U.S. Department of Health and Human Services. The breach affected 914,138 patients (via The computer beeps.– Stolen information includes names, phone numbers. Medical record numbers, birth dates, and details about health conditions, treatments, or prescriptions. In some cases, Social Security numbers have also been compromised.
Phreesia claims that its other services, such as its patient admissions platform, not affected Since then, the company has introduced ConnectOnCall. to use offline And work is being done to bring it back with a more secure setting.
We contact ConnectOnCall for comment but did not receive a response by deadline.
emergency room sign (Kurt “Cyber Guy” Nutsson)
Understand toothbrushing scams and how to protect yourself.
Risks associated with data breaches ConnectOnCall
The impact of this breach is significant due to the sensitive nature of healthcare data. This is different from financial abuse. Compromised accounts can be suspended or replaced. Health information is permanent and highly sought after on the dark web. Cybercriminals may exploit this information to commit crimes. identity theftThis includes fraudulently obtaining prescription drugs or filing false insurance claims.
Additionally, detailed health information revealed, such as diagnosis, treatments, and medications, can be used for targeting. Phishing attacks– Scammers may take advantage of victims’ medical history to create highly convincing schemes. This increases your chances of success.
Phreesia has sent a notification letter to all affected individuals. which health care providers have a valid mailing address as of Dec. 1, Oct. 11, 2024 for those disclosing their Social Security numbers; The company will offer identity and credit checking services.
doctor writing notes (Kurt “Cyber Guy” Nutsson)
Cyber scammers use AI to manipulate GOOGLE search results
7 ways to protect yourself from such data breaches
1) Review your financial and medical accounts regularly: Periodically review your medical records and health insurance statements. to view unusual or unauthorized activity This can help you quickly identify and resolve discrepancies or fraudulent activity.
Use the patient portal provided by your healthcare provider to access your medical records online. These portals often have features that allow you to keep track of your medical history and appointments.
2) Use strong passwords and two-factor authentication (2FA): Create strong, unique passwords for your online accounts. Including healthcare portal Avoid using easily guessable information such as birthdays or common words. Consider using a password manager to create and store complex passwords
3) Activate Two-factor authentication Wherever possible: 2FA adds another layer of security by requiring a second form of verification, such as a text message code or an authenticator app. In addition to your password
4) Don’t fall prey to phishing scams. Use strong antivirus software.: Please be mindful of the information you share online and with whom you share it. Avoid giving out sensitive personal information such as Social Security numbers or medical details. Unless it’s really necessary. Verify the legality of requests for personal information Scammers often pose as a health care provider or insurance company to trick you into revealing sensitive information by asking you to click on a link in an email or text message.
The best way to protect yourself from malicious links is to install antivirus software on all your devices. This protection can also alert you to phishing emails and ransomware scams. To keep your personal information and digital assets safe Pick the winner of 2024’s best antivirus protection for your Windows, Mac, Android, and iOS devices.–
5) Use identity theft protection services.: Consider enrolling in an identity theft protection service that monitors your personal information and alerts you to potential threats. These services can help you detect and respond to identity theft more quickly. Some identity theft protection services also offer insurance and assistance in recovering from identity theft. which provides additional peace of mind. Check out my top tips and options on how to protect yourself from identity theft.
6) Freeze your credit: A credit freeze prevents anyone from opening a new credit account in your name without your permission. This reduces the risk of identity theft. Contact the major credit bureaus (Experian, Equifax, and TransUnion) to request a credit freeze. This is usually free and can be temporarily canceled when you want to apply for credit.
7) Delete your personal information from the internet: After being part of a data breach It is important to minimize your online presence to reduce the risk of future scams. Consider using a personal data removal service that can help you remove your data from websites and data brokers. This can greatly reduce the chance of your data being used maliciously. Check out my top picks for data deletion services here.
Don’t let SNOOPS nearby listen to your voicemail with this quick tip.
Kurt’s Essentials
Health data breach ConnectOnCall It highlights the critical need for strong cyber security measures within the healthcare sector. This is often a much higher risk than in other industries. With more than 910,000 patients affected, this incident demonstrates the serious risk posed by cyberattacks on healthcare platforms. Sensitive information such as medical records and Social Security numbers are permanent. and may be misused for identity theft and fraud. If you are affected Be careful by verifying your account. Enable fraud alerts And consider identity theft protection services.
Do you think healthcare providers should face stricter regulations to protect sensitive patient data? Why not? Let us know by writing to us at info@healthcareproviders.com. Cyberguy.com/Contact–
Want more tech tips and security alerts? Please subscribe to my free CyberGuy Report newsletter by visiting Cyberguy.com/Newsletter–
Ask Kurt a question or let us know what stories you’d like us to cover.
Follow Kurt on his social channels:
Answers to the most frequently asked CyberGuy questions:
New from Kurt:
Copyright 2024 CyberGuy.com All rights reserved.
