ConnectOnCall, a digital answering service for healthcare providers, has confirmed a massive data breach that compromised the sensitive personal and medical information of nearly one million patients. Owned by healthcare technology firm Phreesia, the service facilitates after-hours communication between patients and medical offices, making the scope of this incident particularly critical for patient privacy.
What Information Was Stolen?
The security incident, which occurred in May, resulted in unauthorized access to a wide array of personal data. According to official disclosures, the stolen records include:
- Patient names and phone numbers
- Dates of birth
- Specific health conditions and treatment details
- Prescription information
- Social Security numbers for some affected individuals
Scope of the Breach
While Phreesia initially avoided specifying the exact number of victims, mandatory reporting to the U.S. Department of Health and Human Services confirms that 914,138 individuals have been notified that their data was exposed. This data security incident highlights the growing vulnerability of third-party healthcare communication platforms.
A Significant Healthcare Security Failure
The magnitude of the ConnectOnCall hack places it among the most severe security lapses in the medical sector this year. Based on the government’s ongoing data breach registry, this incident ranks as the 14th largest healthcare-related data breach reported in 2024 to date. The scale of this exposure underscores the urgent need for heightened cybersecurity protocols within digital health answering services.