Phreesia, specializing in SaAS solutions for healthcare, reported about a large-scale leak of personal and medical data. The incident affected more than 910 thousand people and occurred due to hacking the subsidiary of ConnectonCall in May 2024.
ConnectonCall, purchased by Phreesia in October 2023, is a telemedician service and a platform for processing calls from patients in non -working hours with a function of automatic communication tracking. According to the company, unauthorized access lasted almost three months – from February 16 to May 12, 2024.
The problem was discovered on May 12, after which ConnectonCall conducted an internal investigation and took measures to protect the system. As a result, it turned out that third parties gained access to confidential data contained in messages between patients and medical staff.