Nearly 1 Million Americans Affected in Major Data Breach: Sensitive Medical and Personal Records Exposed
Added on: 08/01/2025
In one of the most significant healthcare-related data breaches this year, sensitive personal and health records of nearly 1 million Americans have been exposed. ConnectOnCall, a doctor-patient communications platform owned by health tech company Phreesia, disclosed that the breach affected 914,138 users. The exposed data includes an alarming range of sensitive information, such as names, phone numbers, dates of birth, medical conditions, treatments, medications, and even Social Security numbers.
Details of the Breach
The breach was discovered earlier this year, with ConnectOnCall determining that between February 16, 2024, and May 12, 2024, an unauthorised third party accessed data stored within its application. This application, used for communications between healthcare providers and patients, handles critical interactions such as prescription inquiries, lab result discussions, and telehealth consultations.
ConnectOnCall took immediate action by taking its platform offline upon detecting the breach. The company has since been working to restore the product in a more secure, updated environment.
In a statement addressing the incident, ConnectOnCall explained: “ConnectOnCall’s investigation revealed that… an unknown third party had access to ConnectOnCall and certain data within the application, including certain information in provider-patient communications… ConnectOnCall took the ConnectOnCall product offline and has been working through a phased restoration of the product in a new, more secure environment.”
What Was Exposed?
The breached database reportedly included the following types of sensitive information: • Full names • Phone numbers • Dates of birth • Health conditions and diagnoses • Treatments and medications • Social Security numbers
This comprehensive data set makes the breach particularly devastating, as it not only exposes individuals to identity theft but also to healthcare fraud and other forms of cybercrime.
How ConnectOnCall Is Responding
The company has taken measures to notify affected users of the breach. Earlier this month, ConnectOnCall sent letters to impacted individuals, explaining the scope of the security incident and providing details on the types of data exposed.
To help mitigate the potential fallout, ConnectOnCall is offering identity and credit monitoring services to those whose Social Security numbers were compromised. The company has also urged users to remain vigilant and to report any suspicious activity, including unauthorised healthcare claims or attempts at identity theft.
Broader Implications of the Breach
Healthcare data breaches are especially concerning because of the high value of medical information on the dark web. Unlike financial data, which can be canceled or changed, healthcare records are immutable and can be exploited for long-term fraud schemes. For instance, stolen Social Security numbers and medical histories can be used to: • Commit medical identity theft, such as filing fraudulent insurance claims. • Craft convincing phishing attacks targeting individuals with known medical conditions. • Open fraudulent accounts or obtain loans using compromised personal data.
The breach highlights the persistent vulnerabilities in the healthcare sector’s digital systems, particularly in platforms handling sensitive patient-provider communications.
What Affected Individuals Should Do
If you believe you were impacted by this breach or received a notification from ConnectOnCall, consider taking the following steps to protect your personal and financial information:
1. Enroll in Identity Protection Services If your Social Security number was exposed, use the credit monitoring services provided by ConnectOnCall. These services can alert you to signs of fraud and help restore your identity if it is stolen.
2. Monitor Financial and Medical Accounts Keep a close eye on your credit reports, bank accounts, and insurance statements for any unusual activity. Promptly report suspicious transactions or unauthorised claims to your financial institution or insurer.
3. Be Cautious of Phishing Scams Cybercriminals may use your exposed information to craft phishing emails or messages. Avoid clicking on suspicious links or providing additional personal information unless you are certain of the sender’s authenticity.
4. Freeze Your Credit Placing a credit freeze with the three major credit bureaus (Experian, TransUnion, and Equifax) can prevent anyone from opening new accounts in your name.
5. Change Your Passwords If you used similar passwords across multiple platforms, update them immediately and consider using a password manager to generate and store strong, unique passwords.
A Call for Stronger Cybersecurity in Healthcare
This breach underscores the critical need for stronger cybersecurity measures in the healthcare sector. With sensitive patient data at stake, healthcare providers and tech firms must adopt more robust security protocols, including: • Regular penetration testing and security audits. • Enhanced employee training to recognise phishing attacks. • Strong encryption for data both in transit and at rest. • Implementation of multi-factor authentication for all systems.
Regulatory frameworks like the Health Insurance Portability and Accountability Act (HIPAA) in the United States provide guidelines for safeguarding patient data, but compliance alone is not enough. Organisations must go above and beyond to stay ahead of increasingly sophisticated cyber threats.
The ConnectOnCall breach affecting nearly 1 million Americans is a sobering reminder of the vulnerabilities in our digital healthcare systems. For individuals, the breach presents a significant risk to personal and financial security, emphasising the importance of vigilance and proactive protection measures. For the healthcare industry, this incident serves as a call to action to prioritise data security and prevent future breaches.
Read more
Trump Administration Reverses Data Privacy Protections Exposing Americans to Increased Risks
In a significant policy reversal, the Trump administration has dismantled a Biden-era initiative aimed at limiting the sale of Americans’ personal data by data brokers. This move raises substantial concerns about consumer privacy and national security.<br/><br/><br/><h2 class= "text-heading">Background: The Biden-Era Initiative</h2><br/>Under President Biden, the Consumer Financial Protection Bureau (CFPB) proposed regulations to subject data brokers to oversight akin to credit bureaus. The goal was to protect consumers from the unregulated sale of sensitive personal information, which could be exploited for identity theft, scams, and even national security threats.<br/><br/><br/><h2 class= "text-heading">The Reversal and Its Implications</h2><br/>On May 14, 2025, the CFPB announced the withdrawal of the proposed regulations, stating that they no longer align with the bureau’s policy objectives. Consumer advocacy groups, such as Consumer Reports, have expressed alarm, warning that this decision leaves consumers vulnerable to scams and identity theft.<br/><br/>The rollback also includes the withdrawal of proposals related to digital payment technologies and the prohibition of certain terms in consumer finance products.<br/><br/><br/><h2 class= "text-heading">Risks to Consumer Privacy</h2><br/>The unregulated sale of personal data poses several risks:<br/>• <u>Identity Theft</u>: Personal information can be used to impersonate individuals, leading to financial loss and reputational damage.<br/>• <u>Scams and Phishing</u>: Data brokers can sell information to malicious actors who craft targeted scams and phishing emails.<br/>• <u>National Security Threats</u>: Sensitive data about government officials and military personnel can be exploited by foreign adversaries for espionage.<br/><br/><br/><h2 class= "text-heading">Sentrya: A Consumer-Focused Solution</h2><br/>In light of these developments, consumers seeking to protect their personal information can turn to services like <a href= "https://sentrya.net" class= "content-link">Sentrya</a>. Sentrya offers tools to remove personal data from the web and data brokers, and to clear inboxes of scams and phishing emails. Designed specifically for individual consumers, Sentrya empowers users to take control of their digital privacy.<br/><br/><br/>The Trump administration’s decision to scrap proposed data privacy regulations underscores the importance of individual action in safeguarding personal information. While federal protections may be in flux, consumers can proactively protect themselves using services like <a href= "https://sentrya.net" class= "content-link">Sentrya</a> to mitigate the risks associated with data exposure.
Read more
Your Airline Might Be Sharing Your Data with ICE: Here is What You Need to Know
Have you ever booked a flight thinking it was just between you, your airline, and your destination? You might want to think again. Recent reporting from Jacobin has exposed a chilling truth: airlines and travel companies are quietly sharing your personal travel data with U.S. Immigration and Customs Enforcement (ICE). And it’s happening without your consent, knowledge, or any real way to opt out.<br/><br/>Let’s break down what’s going on—and what it means for you.<br/><br/><br/><h2 class= "text-heading">Your Data Is Being Sold—Not Just Shared</h2><br/>You probably don’t know what the Airlines Reporting Corporation (ARC) is. That’s by design. ARC is a behind-the-scenes player that processes flight bookings between travel agencies (think Expedia, Priceline, or even a local agency) and over 200 airlines. That includes the biggest names: Delta, American, United, JetBlue, and more.<br/><br/>When you book a ticket, your itinerary, payment information, and travel history don’t just stay with the airline. They flow into ARC’s massive system. And from there? That data is being sold directly to ICE, as part of something called the “Travel Intelligence Program.”<br/><br/>Yes, sold.<br/><br/>This isn’t a targeted subpoena for a specific criminal investigation. This is bulk data sharing—ICE getting access to your travel habits, international flights, layovers, and even payment methods, all neatly packaged. Whether you’re a citizen, a visa holder, or just someone trying to visit family, that data can land in a government file, without your knowledge.<br/><br/><br/><h2 class= "text-heading">Why This Should Deeply Worry You</h2><br/>This isn’t just about immigration enforcement. This is about your right to privacy—and how it’s being traded away.<br/><br/>1. <em>You never consented to this.</em><br/>When you hit “purchase” on that ticket, did you get a notice saying your personal information might be sold to a federal law enforcement agency? Of course not.<br/><br/>2. <em>You have no control over where your data goes.</em><br/>Even if you use third-party travel sites, ARC is the middleman. And ARC is owned by the very airlines you’re booking with—so they’re profiting off your data in multiple ways.<br/><br/>3. <em>You could be flagged for future surveillance without doing anything wrong.</em><br/>Maybe you fly often to a country ICE is scrutinising. Maybe you paid for a ticket for someone else. Maybe you booked with cash. These perfectly legal activities can appear suspicious when viewed out of context by an algorithm or agency.<br/><br/><br/><h2 class= "text-heading">Real People, Real Risks</h2><br/>Imagine you’re visiting family abroad and come back to find you’ve been flagged for extra screening—no explanation, just delays and discomfort. Or ICE shows up at someone’s door based on flight data you unknowingly shared when you booked a ticket for them. These aren’t hypotheticals. This data is being used for real enforcement actions, with real consequences.<br/><br/>And no, there’s no easy opt-out.<br/><br/><br/><h2 class= "text-heading">What You Can Do to Protect Yourself</h2><br/>Unfortunately, you can’t completely stop airlines from selling your data—at least, not yet. But you can take steps to limit your exposure:<br/>• <u>Avoid big-name platforms</u> when booking, or research which agencies work with ARC. Smaller, privacy-conscious travel services may reduce how much data is shared.<br/>• <u>Pressure airlines and lawmakers</u> to stop this. If enough consumers speak up, companies and legislators will take notice.<br/><br/><br/><h2 class= "text-heading">This Isn’t Just a Policy Issue—It’s Personal</h2><br/>You deserve to travel without fear that your movements are being logged, sold, and scrutinised by law enforcement. This isn’t about politics. It’s about privacy, consent, and basic digital rights.<br/><br/>Next time you book a flight, take a moment to think about where your data is going—and who might be watching.
Read more
19 Billion Passwords Leaked in 2025: What You Need to Know and How to Protect Yourself
In what cybersecurity experts are calling one of the largest password leaks in internet history, over <u>19 billion compromised credentials</u> have surfaced in a massive data dump dubbed “RockYou2024.” This trove of exposed data is not from a single breach but a massive aggregation of credentials from more than <em>200 past incidents</em>, spanning over a decade. First revealed by Forbes, this leak is now widely circulating on hacker forums and underground markets—posing a serious threat to personal and corporate cybersecurity.<br/><br/><br/><h2 class="text-heading">What Is the RockYou2024 Password Leak?</h2><br/>The RockYou2024 leak, analysed by cybersecurity researchers at Cybernews, is a 19-billion-entry compilation of previously stolen passwords, many of which are still actively used. The passwords are in plaintext format, which means hackers don’t need to decrypt anything—they can use them immediately.<br/><br/>Key stats from the leak include:<br/>• <u>19,030,305,929 passwords</u> compiled from global breaches<br/>• <u>94% of passwords are reused across multiple sites</u><br/>• Popular entries include “123456”, “password”, and “admin”<br/>• Most passwords are between 8–10 characters and lack complexity<br/>This dataset isn’t just big—it’s <b>weaponisable</b>, giving cybercriminals an enormous arsenal for launching attacks on personal, business, and government systems.<br/><br/><br/><h2 class="text-heading">Why This Password Leak Is So Dangerous</h2><br/>1. <b>Credential Stuffing Attacks</b><br/>Using automated tools, hackers test these passwords on thousands of sites. If you reuse passwords, they’ll likely gain access to your email, bank account, social profiles, or worse.<br/><br/>2. <b>Phishing and Scams</b><br/>Once attackers have partial information, they can launch targeted phishing campaigns—often using fake emails, phone calls, or messages to extract more sensitive data.<br/><br/>3. <b>Business Security Risks</b><br/>Employees using compromised credentials for workplace accounts can expose entire organisations to ransomware, data loss, or financial fraud.<br/><br/>4. <b>Brute Force Optimisation</b><br/>This leak acts as fuel for brute force tools. Because the passwords are real and common, these tools become more efficient and successful.<br/><br/><br/><h2 class="text-heading">How to Protect Yourself Right Now</h2><br/>With 19 billion passwords out in the wild, now is the time to act. Here’s how you can protect yourself and your information:<br/><br/>1. <b>Scan the Web for Your Exposed Data</b><br/><br/><a href= "https://sentrya.net" class="content-link">Sentrya</a> scans data broker networks and breach databases to identify where your personal data is exposed—and helps you <b>remove it</b>. This drastically reduces your risk of identity theft, targeted scams, and phishing attacks.<br/>• <em>Remove personal data from the web</em><br/>• <em>Block scam and phishing emails</em><br/>• <em>Monitor the dark web for emerging threats tied to your identity</em><br/><br/>You can protect yourself or your entire family with a few clicks at <a href= "https://sentrya.net" class="content-link">sentrya.net</a>.<br/><br/>2. <b>Stop Reusing Passwords</b><br/><br/>Still using the same password for multiple accounts? That’s how 94% of the passwords in this leak were exposed.<br/>Instead, use Sentrya’s <a href= "https://sentrya.net/generate-random-password" class="content-link">secure password generator</a> to instantly create:<br/>• Strong, randomised, unique passwords<br/>• Passwords up to 50 characters in length<br/>• Passphrases using complex symbols, upper/lowercase, and numbers<br/><br/>It’s completely free and requires no signup: <a href= "https://sentrya.net/generate-random-password" class="content-link">Generate a password now</a><br/><br/>3. <b>Enable Multi-Factor Authentication (MFA)</b><br/><br/>Even if a password is leaked, MFA provides an extra layer of protection. Use authenticator apps (like Google Authenticator or Authy) instead of SMS whenever possible.<br/><br/>4. <b>Check If Your Accounts Are Affected</b><br/><br/>Use breach alert services like:<br/>• <a href= "https://haveibeenpwned.com" class="content-link">Have I Been Pwned</a><br/>• <a href= "https://cybernews.com/password-leak-check" class="content-link">Cybernews Password Checker</a><br/><br/>If any of your emails or passwords appear in those tools, update them immediately using Sentrya’s <a href= "https://sentrya.net/generate-random-password" class="content-link">password generator</a>.<br/><br/>5. <b>Watch for Phishing and Scams</b><br/><br/>After major leaks, phishing campaigns spike. Stay alert for:<br/>• Fake account recovery emails<br/>• Messages pretending to be from banks or tech companies<br/>• Unusual login alerts<br/><br/>If in doubt, don’t click. Visit the service’s official website instead.<br/><br/><br/>The RockYou2024 password leak proves that <em>password reuse is no longer just risky—it’s reckless</em>. With more than 19 billion credentials circulating in the cybercriminal underground, every reused or weak password becomes a liability.<br/><br/>Fortunately, with proactive tools like <a href= "https://sentrya.net" class="content-link">Sentrya</a>, you can reclaim control of your digital footprint:<br/>• Remove your personal info from data brokers<br/>• Block phishing scams<br/>• Generate ironclad passwords for every account<br/><br/>The internet is more dangerous than ever—but with the right tools, <u>you don’t have to be the next victim</u>.
Read more
LG Smart TVs Now Use Emotionally Intelligent Ads with Zenapse AI Technology
In a bold move shaping the future of connected TV advertising, LG Electronics has partnered with artificial intelligence company Zenapse to introduce emotionally intelligent advertising to its smart TVs. This AI-driven innovation uses advanced emotional analytics to deliver personalised ads based on viewers’ psychological and emotional profiles.<br/><br/><br/><h2 class= "text-heading">What Is Emotionally Intelligent Advertising?</h2><br/>Emotionally intelligent advertising is the next evolution in personalised marketing. Rather than just targeting users based on demographics, browsing behaviour, or viewing history, this method leverages emotion-based data to tailor content more precisely.<br/><br/>At the center of this technology is Zenapse’s <em>Large Emotion Model (LEM)</em>, a proprietary AI system that maps out psychological patterns and emotional states across various audiences. When integrated into <em>LG’s Smart TV platform</em>, this model works in tandem with the TVs’ first-party viewership data to identify how users feel while watching content—and delivers ads that resonate on a deeper level.<br/><br/><br/><h2 class= "text-heading">How LG’s Smart TV AI Works with Zenapse</h2><br/>LG’s smart TVs already employ <em>Automatic Content Recognition (ACR)</em>, a tool that gathers data about the content viewers consume, including shows and apps accessed through external devices. This gives LG valuable insight into a household’s viewing preferences.<br/><br/>By combining ACR data with Zenapse’s emotion-detection AI, advertisers can now deliver highly relevant, emotionally-tuned ad experiences that reflect the viewer’s mindset. For example:<br/>• A user showing patterns of stress may see wellness or mindfulness ads.<br/>• A family engaging in uplifting content might receive vacation or family-focused brand messages.<br/><br/>This is far beyond traditional <u>contextual advertising</u>—it’s what experts are calling emotionally-aware targeting.<br/><br/><br/><h2 class= "text-heading">Data Privacy and Ethical Considerations</h2><br/>As with all AI-powered personalisation, <b>privacy</b> is a major concern. LG’s smart TVs collect data through ACR, and while users can opt out, this type of emotionally aware targeting requires even more <em>granular behavioural data</em>.<br/><br/>Consumer advocacy groups warn that technologies which infer mental or emotional states could cross ethical boundaries if not regulated properly. Transparency, consent, and data control will be key for LG and Zenapse to maintain user trust.<br/><br/><u>LG has stated</u> that all data used is anonymised and consent-based, but the introduction of emotion-based ads will likely renew calls for updated <em>privacy legislation</em> in the smart home and streaming ecosystem.<br/><br/><br/><h2 class= "text-heading">What’s Next for Smart TV Advertising?</h2><br/>This partnership signals a major shift in how ads are delivered on smart TVs. With emotionally intelligent AI models now in play, we can expect:<br/>• More platforms to adopt emotion-based personalisation<br/>• Expanded use of machine learning for real-time emotional detection<br/>• Regulatory scrutiny over AI and mental-state inference<br/><br/>For now, LG and Zenapse are pioneering a new frontier in <em>AI-driven, emotion-aware media experiences</em>—one that could redefine the relationship between brands and consumers in the living room.
Read more
I'd like to set analytics cookies that help me make improvements by measuring how you use the site.