Sentrya logo Sentrya Get rid of spam

Nearly 1 Million Americans Affected in Major Data Breach: Sensitive Medical and Personal Records Exposed

Added on: 08/01/2025 In one of the most significant healthcare-related data breaches this year, sensitive personal and health records of nearly 1 million Americans have been exposed. ConnectOnCall, a doctor-patient communications platform owned by health tech company Phreesia, disclosed that the breach affected 914,138 users. The exposed data includes an alarming range of sensitive information, such as names, phone numbers, dates of birth, medical conditions, treatments, medications, and even Social Security numbers.


Details of the Breach


The breach was discovered earlier this year, with ConnectOnCall determining that between February 16, 2024, and May 12, 2024, an unauthorised third party accessed data stored within its application. This application, used for communications between healthcare providers and patients, handles critical interactions such as prescription inquiries, lab result discussions, and telehealth consultations.

ConnectOnCall took immediate action by taking its platform offline upon detecting the breach. The company has since been working to restore the product in a more secure, updated environment.

In a statement addressing the incident, ConnectOnCall explained:
“ConnectOnCall’s investigation revealed that… an unknown third party had access to ConnectOnCall and certain data within the application, including certain information in provider-patient communications… ConnectOnCall took the ConnectOnCall product offline and has been working through a phased restoration of the product in a new, more secure environment.”


What Was Exposed?


The breached database reportedly included the following types of sensitive information:
• Full names
• Phone numbers
• Dates of birth
• Health conditions and diagnoses
• Treatments and medications
• Social Security numbers

This comprehensive data set makes the breach particularly devastating, as it not only exposes individuals to identity theft but also to healthcare fraud and other forms of cybercrime.


How ConnectOnCall Is Responding


The company has taken measures to notify affected users of the breach. Earlier this month, ConnectOnCall sent letters to impacted individuals, explaining the scope of the security incident and providing details on the types of data exposed.

To help mitigate the potential fallout, ConnectOnCall is offering identity and credit monitoring services to those whose Social Security numbers were compromised. The company has also urged users to remain vigilant and to report any suspicious activity, including unauthorised healthcare claims or attempts at identity theft.


Broader Implications of the Breach


Healthcare data breaches are especially concerning because of the high value of medical information on the dark web. Unlike financial data, which can be canceled or changed, healthcare records are immutable and can be exploited for long-term fraud schemes. For instance, stolen Social Security numbers and medical histories can be used to:
• Commit medical identity theft, such as filing fraudulent insurance claims.
• Craft convincing phishing attacks targeting individuals with known medical conditions.
• Open fraudulent accounts or obtain loans using compromised personal data.

The breach highlights the persistent vulnerabilities in the healthcare sector’s digital systems, particularly in platforms handling sensitive patient-provider communications.


What Affected Individuals Should Do


If you believe you were impacted by this breach or received a notification from ConnectOnCall, consider taking the following steps to protect your personal and financial information:

1. Enroll in Identity Protection Services
If your Social Security number was exposed, use the credit monitoring services provided by ConnectOnCall. These services can alert you to signs of fraud and help restore your identity if it is stolen.

2. Monitor Financial and Medical Accounts
Keep a close eye on your credit reports, bank accounts, and insurance statements for any unusual activity. Promptly report suspicious transactions or unauthorised claims to your financial institution or insurer.

3. Be Cautious of Phishing Scams
Cybercriminals may use your exposed information to craft phishing emails or messages. Avoid clicking on suspicious links or providing additional personal information unless you are certain of the sender’s authenticity.

4. Freeze Your Credit
Placing a credit freeze with the three major credit bureaus (Experian, TransUnion, and Equifax) can prevent anyone from opening new accounts in your name.

5. Change Your Passwords
If you used similar passwords across multiple platforms, update them immediately and consider using a password manager to generate and store strong, unique passwords.


A Call for Stronger Cybersecurity in Healthcare


This breach underscores the critical need for stronger cybersecurity measures in the healthcare sector. With sensitive patient data at stake, healthcare providers and tech firms must adopt more robust security protocols, including:
• Regular penetration testing and security audits.
• Enhanced employee training to recognise phishing attacks.
• Strong encryption for data both in transit and at rest.
• Implementation of multi-factor authentication for all systems.

Regulatory frameworks like the Health Insurance Portability and Accountability Act (HIPAA) in the United States provide guidelines for safeguarding patient data, but compliance alone is not enough. Organisations must go above and beyond to stay ahead of increasingly sophisticated cyber threats.


The ConnectOnCall breach affecting nearly 1 million Americans is a sobering reminder of the vulnerabilities in our digital healthcare systems. For individuals, the breach presents a significant risk to personal and financial security, emphasising the importance of vigilance and proactive protection measures. For the healthcare industry, this incident serves as a call to action to prioritise data security and prevent future breaches.

Read more

Morocco CNSS Data Breach: A Wake Up Call for Consumer Data Protection

In April 2025, Morocco experienced a significant cybersecurity incident when the National Social Security Fund (Caisse Nationale de Sécurité Sociale – CNSS) was compromised. The breach resulted in the unauthorised release of sensitive data pertaining to millions of Moroccan workers and hundreds of thousands of businesses. The fallout from this breach has raised serious concerns about consumer privacy and the adequacy of data protection measures.<br/><br/><br/><h2 class= "text-heading">The CNSS Breach: What Happened?</h2><br/>On April 8, 2025, a hacker group identifying itself as JabaRoot DZ claimed responsibility for the cyberattack on CNSS. The group leaked over 50,000 official documents, including personal identification numbers, salary declarations, employment contracts, and correspondence involving foreign diplomatic entities. The leaked data was disseminated through various channels, including encrypted messaging platforms and public file-sharing websites.<br/><br/>Cybersecurity analysts suggest that the attackers may have exploited vulnerabilities in outdated file storage protocols or gained access through compromised administrator accounts. The breach potentially began weeks or months before the data was released, allowing the attackers ample time to exfiltrate information undetected.<br/><br/><br/><h2 class= "text-heading">Implications for Consumer Privacy</h2><br/>The CNSS breach has exposed nearly 2 million employees and approximately 470,000 companies to potential risks, including identity theft, financial fraud, and targeted phishing attacks. The leaked information encompasses a wide range of personal and financial data, making it a valuable resource for malicious actors.<br/><br/>This incident underscores the vulnerabilities inherent in centralised data repositories and the critical need for robust cybersecurity measures to protect consumer information. It also highlights the importance of transparency and prompt communication from institutions in the event of data breaches.<br/><br/><br/><h2 class= "text-heading">Sentrya: Empowering Consumers to Protect Their Data</h2><br/>In the wake of such breaches, you must take proactive steps to safeguard your personal information. <a href= "https://sentrya.net" class= "content-link">Sentrya</a> offers a comprehensive solution designed specifically for individual users. Sentrya provides tools to remove personal data from the web and data brokers, and to clear inboxes of scams and phishing emails. By leveraging Sentrya’s services, you can regain control over your digital footprint and enhance your privacy.<br/><br/><br/>The CNSS data breach serves as a stark reminder of the growing threats to consumer privacy in the digital age. While institutions must bolster their cybersecurity frameworks, individuals also have a role to play in protecting their personal information. Utilising services like Sentrya can be an effective strategy for consumers to mitigate risks and maintain their privacy in an increasingly interconnected world. Read more

Trump Administration Reverses Data Privacy Protections Exposing Americans to Increased Risks

In a significant policy reversal, the Trump administration has dismantled a Biden-era initiative aimed at limiting the sale of Americans’ personal data by data brokers. This move raises substantial concerns about consumer privacy and national security.<br/><br/><br/><h2 class= "text-heading">Background: The Biden-Era Initiative</h2><br/>Under President Biden, the Consumer Financial Protection Bureau (CFPB) proposed regulations to subject data brokers to oversight akin to credit bureaus. The goal was to protect consumers from the unregulated sale of sensitive personal information, which could be exploited for identity theft, scams, and even national security threats.<br/><br/><br/><h2 class= "text-heading">The Reversal and Its Implications</h2><br/>On May 14, 2025, the CFPB announced the withdrawal of the proposed regulations, stating that they no longer align with the bureau’s policy objectives. Consumer advocacy groups, such as Consumer Reports, have expressed alarm, warning that this decision leaves consumers vulnerable to scams and identity theft.<br/><br/>The rollback also includes the withdrawal of proposals related to digital payment technologies and the prohibition of certain terms in consumer finance products.<br/><br/><br/><h2 class= "text-heading">Risks to Consumer Privacy</h2><br/>The unregulated sale of personal data poses several risks:<br/>• <u>Identity Theft</u>: Personal information can be used to impersonate individuals, leading to financial loss and reputational damage.<br/>• <u>Scams and Phishing</u>: Data brokers can sell information to malicious actors who craft targeted scams and phishing emails.<br/>• <u>National Security Threats</u>: Sensitive data about government officials and military personnel can be exploited by foreign adversaries for espionage.<br/><br/><br/><h2 class= "text-heading">Sentrya: A Consumer-Focused Solution</h2><br/>In light of these developments, consumers seeking to protect their personal information can turn to services like <a href= "https://sentrya.net" class= "content-link">Sentrya</a>. Sentrya offers tools to remove personal data from the web and data brokers, and to clear inboxes of scams and phishing emails. Designed specifically for individual consumers, Sentrya empowers users to take control of their digital privacy.<br/><br/><br/>The Trump administration’s decision to scrap proposed data privacy regulations underscores the importance of individual action in safeguarding personal information. While federal protections may be in flux, consumers can proactively protect themselves using services like <a href= "https://sentrya.net" class= "content-link">Sentrya</a> to mitigate the risks associated with data exposure. Read more

Your Airline Might Be Sharing Your Data with ICE: Here is What You Need to Know

Have you ever booked a flight thinking it was just between you, your airline, and your destination? You might want to think again. Recent reporting from Jacobin has exposed a chilling truth: airlines and travel companies are quietly sharing your personal travel data with U.S. Immigration and Customs Enforcement (ICE). And it’s happening without your consent, knowledge, or any real way to opt out.<br/><br/>Let’s break down what’s going on—and what it means for you.<br/><br/><br/><h2 class= "text-heading">Your Data Is Being Sold—Not Just Shared</h2><br/>You probably don’t know what the Airlines Reporting Corporation (ARC) is. That’s by design. ARC is a behind-the-scenes player that processes flight bookings between travel agencies (think Expedia, Priceline, or even a local agency) and over 200 airlines. That includes the biggest names: Delta, American, United, JetBlue, and more.<br/><br/>When you book a ticket, your itinerary, payment information, and travel history don’t just stay with the airline. They flow into ARC’s massive system. And from there? That data is being sold directly to ICE, as part of something called the “Travel Intelligence Program.”<br/><br/>Yes, sold.<br/><br/>This isn’t a targeted subpoena for a specific criminal investigation. This is bulk data sharing—ICE getting access to your travel habits, international flights, layovers, and even payment methods, all neatly packaged. Whether you’re a citizen, a visa holder, or just someone trying to visit family, that data can land in a government file, without your knowledge.<br/><br/><br/><h2 class= "text-heading">Why This Should Deeply Worry You</h2><br/>This isn’t just about immigration enforcement. This is about your right to privacy—and how it’s being traded away.<br/><br/>1. <em>You never consented to this.</em><br/>When you hit “purchase” on that ticket, did you get a notice saying your personal information might be sold to a federal law enforcement agency? Of course not.<br/><br/>2. <em>You have no control over where your data goes.</em><br/>Even if you use third-party travel sites, ARC is the middleman. And ARC is owned by the very airlines you’re booking with—so they’re profiting off your data in multiple ways.<br/><br/>3. <em>You could be flagged for future surveillance without doing anything wrong.</em><br/>Maybe you fly often to a country ICE is scrutinising. Maybe you paid for a ticket for someone else. Maybe you booked with cash. These perfectly legal activities can appear suspicious when viewed out of context by an algorithm or agency.<br/><br/><br/><h2 class= "text-heading">Real People, Real Risks</h2><br/>Imagine you’re visiting family abroad and come back to find you’ve been flagged for extra screening—no explanation, just delays and discomfort. Or ICE shows up at someone’s door based on flight data you unknowingly shared when you booked a ticket for them. These aren’t hypotheticals. This data is being used for real enforcement actions, with real consequences.<br/><br/>And no, there’s no easy opt-out.<br/><br/><br/><h2 class= "text-heading">What You Can Do to Protect Yourself</h2><br/>Unfortunately, you can’t completely stop airlines from selling your data—at least, not yet. But you can take steps to limit your exposure:<br/>• <u>Avoid big-name platforms</u> when booking, or research which agencies work with ARC. Smaller, privacy-conscious travel services may reduce how much data is shared.<br/>• <u>Pressure airlines and lawmakers</u> to stop this. If enough consumers speak up, companies and legislators will take notice.<br/><br/><br/><h2 class= "text-heading">This Isn’t Just a Policy Issue—It’s Personal</h2><br/>You deserve to travel without fear that your movements are being logged, sold, and scrutinised by law enforcement. This isn’t about politics. It’s about privacy, consent, and basic digital rights.<br/><br/>Next time you book a flight, take a moment to think about where your data is going—and who might be watching. Read more

19 Billion Passwords Leaked in 2025: What You Need to Know and How to Protect Yourself

In what cybersecurity experts are calling one of the largest password leaks in internet history, over <u>19 billion compromised credentials</u> have surfaced in a massive data dump dubbed “RockYou2024.” This trove of exposed data is not from a single breach but a massive aggregation of credentials from more than <em>200 past incidents</em>, spanning over a decade. First revealed by Forbes, this leak is now widely circulating on hacker forums and underground markets—posing a serious threat to personal and corporate cybersecurity.<br/><br/><br/><h2 class="text-heading">What Is the RockYou2024 Password Leak?</h2><br/>The RockYou2024 leak, analysed by cybersecurity researchers at Cybernews, is a 19-billion-entry compilation of previously stolen passwords, many of which are still actively used. The passwords are in plaintext format, which means hackers don’t need to decrypt anything—they can use them immediately.<br/><br/>Key stats from the leak include:<br/>• <u>19,030,305,929 passwords</u> compiled from global breaches<br/>• <u>94% of passwords are reused across multiple sites</u><br/>• Popular entries include “123456”, “password”, and “admin”<br/>• Most passwords are between 8–10 characters and lack complexity<br/>This dataset isn’t just big—it’s <b>weaponisable</b>, giving cybercriminals an enormous arsenal for launching attacks on personal, business, and government systems.<br/><br/><br/><h2 class="text-heading">Why This Password Leak Is So Dangerous</h2><br/>1. <b>Credential Stuffing Attacks</b><br/>Using automated tools, hackers test these passwords on thousands of sites. If you reuse passwords, they’ll likely gain access to your email, bank account, social profiles, or worse.<br/><br/>2. <b>Phishing and Scams</b><br/>Once attackers have partial information, they can launch targeted phishing campaigns—often using fake emails, phone calls, or messages to extract more sensitive data.<br/><br/>3. <b>Business Security Risks</b><br/>Employees using compromised credentials for workplace accounts can expose entire organisations to ransomware, data loss, or financial fraud.<br/><br/>4. <b>Brute Force Optimisation</b><br/>This leak acts as fuel for brute force tools. Because the passwords are real and common, these tools become more efficient and successful.<br/><br/><br/><h2 class="text-heading">How to Protect Yourself Right Now</h2><br/>With 19 billion passwords out in the wild, now is the time to act. Here’s how you can protect yourself and your information:<br/><br/>1. <b>Scan the Web for Your Exposed Data</b><br/><br/><a href= "https://sentrya.net" class="content-link">Sentrya</a> scans data broker networks and breach databases to identify where your personal data is exposed—and helps you <b>remove it</b>. This drastically reduces your risk of identity theft, targeted scams, and phishing attacks.<br/>• <em>Remove personal data from the web</em><br/>• <em>Block scam and phishing emails</em><br/>• <em>Monitor the dark web for emerging threats tied to your identity</em><br/><br/>You can protect yourself or your entire family with a few clicks at <a href= "https://sentrya.net" class="content-link">sentrya.net</a>.<br/><br/>2. <b>Stop Reusing Passwords</b><br/><br/>Still using the same password for multiple accounts? That’s how 94% of the passwords in this leak were exposed.<br/>Instead, use Sentrya’s <a href= "https://sentrya.net/generate-random-password" class="content-link">secure password generator</a> to instantly create:<br/>• Strong, randomised, unique passwords<br/>• Passwords up to 50 characters in length<br/>• Passphrases using complex symbols, upper/lowercase, and numbers<br/><br/>It’s completely free and requires no signup: <a href= "https://sentrya.net/generate-random-password" class="content-link">Generate a password now</a><br/><br/>3. <b>Enable Multi-Factor Authentication (MFA)</b><br/><br/>Even if a password is leaked, MFA provides an extra layer of protection. Use authenticator apps (like Google Authenticator or Authy) instead of SMS whenever possible.<br/><br/>4. <b>Check If Your Accounts Are Affected</b><br/><br/>Use breach alert services like:<br/>• <a href= "https://haveibeenpwned.com" class="content-link">Have I Been Pwned</a><br/>• <a href= "https://cybernews.com/password-leak-check" class="content-link">Cybernews Password Checker</a><br/><br/>If any of your emails or passwords appear in those tools, update them immediately using Sentrya’s <a href= "https://sentrya.net/generate-random-password" class="content-link">password generator</a>.<br/><br/>5. <b>Watch for Phishing and Scams</b><br/><br/>After major leaks, phishing campaigns spike. Stay alert for:<br/>• Fake account recovery emails<br/>• Messages pretending to be from banks or tech companies<br/>• Unusual login alerts<br/><br/>If in doubt, don’t click. Visit the service’s official website instead.<br/><br/><br/>The RockYou2024 password leak proves that <em>password reuse is no longer just risky—it’s reckless</em>. With more than 19 billion credentials circulating in the cybercriminal underground, every reused or weak password becomes a liability.<br/><br/>Fortunately, with proactive tools like <a href= "https://sentrya.net" class="content-link">Sentrya</a>, you can reclaim control of your digital footprint:<br/>• Remove your personal info from data brokers<br/>• Block phishing scams<br/>• Generate ironclad passwords for every account<br/><br/>The internet is more dangerous than ever—but with the right tools, <u>you don’t have to be the next victim</u>. Read more
Sentrya logo Sentrya
Affiliates Register Terms Privacy
Made with ❤️ by Claudiu All rights reserved | Sentrya 2025
I'd like to set analytics cookies that help me make improvements by measuring how you use the site.