ConnectOnCall Data Breach Exposes Sensitive Info

ConnectOnCall.com, LLC, platform widely used by healthcare providers to manage patient communications after business hours, experienced a significant data breach earlier this year. The breach occurred between February 16, 2024, and May 12, 2024, when an unauthorized third party gained access to the company's ConnectOnCall application.

The breach exposed sensitive information from provider-patient communications stored within the application.

The types of consumer information compromised in the incident include:

• Names of individuals
• Phone numbers
• Medical record numbers
• Dates of birth
• Health conditions, treatments, or prescriptions
• Social Security Numbers

The breach affected at least 18,045 individuals in Texas, according to a disclosure filed with the Texas Attorney General's Office. A similar disclosure was also submitted to the California Attorney General's Office. The full scope of the breach across other states remains unclear at this time.

The breach was made possible due to a vulnerability in the ConnectOnCall application, which the attackers exploited to access sensitive data. The breach went undetected for nearly three months, raising concerns about the security measures in place at the time of the incident.

ConnectOnCall.com's response

After discovering the breach on May 12, 2024, ConnectOnCall.com immediately launched an investigation and took the affected application offline. The company engaged external cybersecurity specialists to assess the scope of the incident and identify the data that was compromised.

To mitigate future risks, the company has implemented enhanced security measures and is restoring the ConnectOnCall platform in a new, more secure environment. Federal law enforcement has also been notified about the incident.

Consumers affected by the breach were notified via U.S. mail and publication in print media. The company has provided resources to help individuals protect themselves from potential misuse of their personal information.

Steps to take if you are affected by the data breach

If you believe your information may have been compromised in this data breach, it is important to take immediate action to protect yourself. Here are some recommended steps:

1. Monitor your financial accounts and credit reports: Regularly review your bank statements, credit card activity, and credit reports for any unauthorized transactions or suspicious activity.
2. Place a fraud alert on your credit file: Contact one of the three major credit reporting agencies—Equifax, Experian, or TransUnion—to add a fraud alert. This will make it harder for someone to open accounts in your name.
3. Consider a credit freeze: A credit freeze restricts access to your credit report, preventing identity thieves from opening new accounts. You can request a freeze by contacting the credit reporting agencies directly.
4. Obtain your free credit report: Under federal law, you are entitled to one free credit report annually from each of the three major credit reporting agencies. Visit AnnualCreditReport.com to request your reports.
5. Be vigilant for phishing attempts: Scammers may use information from the breach to target you with phishing emails or phone calls. Avoid clicking on suspicious links or providing personal information to unknown sources.
6. Report identity theft: If you suspect that your information has been misused, file a report with the Federal Trade Commission (FTC) at IdentityTheft.gov and notify your local law enforcement.

For additional guidance, you can contact the FTC at (877) IDTHEFT (438-4338) or visit their website for resources on preventing and responding to identity theft.