After-hours Telehealth platform ConnectOnCall started notifying 914,138 patients that their personal and health data was exposed in a May breach. The company’s Notice of Security Incident notes: “On May 12, 2024, ConnectOnCall learned of an issue impacting ConnectOnCall and immediately began an investigation and took steps to secure the product and ensure the overall security of its environment.”
Social security numbers, diagnoses and medications are among patient data potentially compromised. ConnectOnCall is a subsidiary of Phreesia, a patient intake software as a service provider. Based on the investigation, there is no evidence that Phreesia’s other services have been affected. In response, Dispersive cybersecurity expert Lawrence Pingree (formerly with Gartner) offers perspective.
Lawrence Pingree, VP, Dispersive had this comment:
“This breach looks like it’s application security related, likely a breach of the application via SQL injection or credential theft exposure, but since no details of the breach are available, it’s hard to say. In any case, isolating critical systems and applications with the best possible multi-factor authentication and protecting applications through micro-segmentation are key approaches to isolate the breadth of breach.”
This is yet another example of health care being the target of a cyberattack. This was an ongoing theme in 2024, and it is likely going to be an ongoing theme in 2025 unfortunately.
Like this:
Like Loading...
Related
This entry was posted on December 17, 2024 at 1:13 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Phreesia ConnectOnCall Breach Exposes Medications SSNs of 900K Patients
After-hours Telehealth platform ConnectOnCall started notifying 914,138 patients that their personal and health data was exposed in a May breach. The company’s Notice of Security Incident notes: “On May 12, 2024, ConnectOnCall learned of an issue impacting ConnectOnCall and immediately began an investigation and took steps to secure the product and ensure the overall security of its environment.”
Social security numbers, diagnoses and medications are among patient data potentially compromised. ConnectOnCall is a subsidiary of Phreesia, a patient intake software as a service provider. Based on the investigation, there is no evidence that Phreesia’s other services have been affected. In response, Dispersive cybersecurity expert Lawrence Pingree (formerly with Gartner) offers perspective.
Lawrence Pingree, VP, Dispersive had this comment:
“This breach looks like it’s application security related, likely a breach of the application via SQL injection or credential theft exposure, but since no details of the breach are available, it’s hard to say. In any case, isolating critical systems and applications with the best possible multi-factor authentication and protecting applications through micro-segmentation are key approaches to isolate the breadth of breach.”
This is yet another example of health care being the target of a cyberattack. This was an ongoing theme in 2024, and it is likely going to be an ongoing theme in 2025 unfortunately.
Share this:
Like this:
Related
This entry was posted on December 17, 2024 at 1:13 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.