Recent Data Security Incident Experienced by Service Provider
ConnectOnCall.com, LLC provides a product (“ConnectOnCall”) that healthcare
providers purchase to improve their after-hours call process and enhance communications between the providers and their patients. ConnectOnCall discovered an incident that involved personal information related to communications between patients and healthcare providers that use ConnectOnCall. Individuals that communicated via voicemail or text message with the below healthcare providers prior to May 12, 2024, may have been impacted.
On May 12, 2024, ConnectOnCall learned of an issue impacting ConnectOnCall. As soon as ConnectOnCall learned of the incident, it immediately began an investigation and took steps to secure the product and ensure the overall security of its environment. ConnectOnCall’s investigation revealed that between February 16, 2024, and May 12, 2024, an unknown third party had access to ConnectOnCall and certain data within the application, including certain information in provider-patient communications.
ConnectOnCall determined that the personal information involved in this incident included information shared in communications between patients and their healthcare providers such as names and phone numbers, and may have also included medical record numbers, dates of birth, and information related to health conditions, treatments, or prescriptions. In limited instances, Social Security Numbers may have also been impacted.
While ConnectOnCall is not aware of any misuse of personal information or harm to patients as a result of this incident, potentially impacted individuals are encouraged to remain vigilant. If you discover any suspicious activity on your accounts or if you suspect identity theft or fraud, report it immediately to your health plan or insurer, or financial institution.
ConnectOnCall engaged external cybersecurity specialists to determine the full nature and scope of the incident, identify any impacted information, and help it enhance its security controls to mitigate the risk of future security incidents. Also, after becoming aware of the incident, ConnectOnCall took the ConnectOnCall product offline and has been working through a phased restoration of the product in a new, more secure environment. ConnectOnCall also notified federal law enforcement of the incident.
ConnectOnCall mailed notice letters to all potentially impacted individuals for whom the healthcare providers had current mailing addresses on December 11, 2024. The notice letter includes information about the incident and provides an offer for identity and credit monitoring services through Kroll for the limited number of individuals whose Social Security numbers were impacted.
Individuals may call toll-free to (866) 997-4596, Monday through Friday from 8:00 a.m. to 5:30 p.m. Central Time, to obtain more information about this matter.
