Nearly 1 Million Americans Affected in Major Data Breach: Sensitive Medical and Personal Records Exposed

Added on: 08/01/2025 In one of the most significant healthcare-related data breaches this year, sensitive personal and health records of nearly 1 million Americans have been exposed. ConnectOnCall, a doctor-patient communications platform owned by health tech company Phreesia, disclosed that the breach affected 914,138 users. The exposed data includes an alarming range of sensitive information, such as names, phone numbers, dates of birth, medical conditions, treatments, medications, and even Social Security numbers.

Details of the Breach

The breach was discovered earlier this year, with ConnectOnCall determining that between February 16, 2024, and May 12, 2024, an unauthorised third party accessed data stored within its application. This application, used for communications between healthcare providers and patients, handles critical interactions such as prescription inquiries, lab result discussions, and telehealth consultations.

ConnectOnCall took immediate action by taking its platform offline upon detecting the breach. The company has since been working to restore the product in a more secure, updated environment.

In a statement addressing the incident, ConnectOnCall explained:
“ConnectOnCall’s investigation revealed that… an unknown third party had access to ConnectOnCall and certain data within the application, including certain information in provider-patient communications… ConnectOnCall took the ConnectOnCall product offline and has been working through a phased restoration of the product in a new, more secure environment.”

What Was Exposed?

The breached database reportedly included the following types of sensitive information:
• Full names
• Phone numbers
• Dates of birth
• Health conditions and diagnoses
• Treatments and medications
• Social Security numbers

This comprehensive data set makes the breach particularly devastating, as it not only exposes individuals to identity theft but also to healthcare fraud and other forms of cybercrime.

How ConnectOnCall Is Responding

The company has taken measures to notify affected users of the breach. Earlier this month, ConnectOnCall sent letters to impacted individuals, explaining the scope of the security incident and providing details on the types of data exposed.

To help mitigate the potential fallout, ConnectOnCall is offering identity and credit monitoring services to those whose Social Security numbers were compromised. The company has also urged users to remain vigilant and to report any suspicious activity, including unauthorised healthcare claims or attempts at identity theft.

Broader Implications of the Breach

Healthcare data breaches are especially concerning because of the high value of medical information on the dark web. Unlike financial data, which can be canceled or changed, healthcare records are immutable and can be exploited for long-term fraud schemes. For instance, stolen Social Security numbers and medical histories can be used to:
• Commit medical identity theft, such as filing fraudulent insurance claims.
• Craft convincing phishing attacks targeting individuals with known medical conditions.
• Open fraudulent accounts or obtain loans using compromised personal data.

The breach highlights the persistent vulnerabilities in the healthcare sector’s digital systems, particularly in platforms handling sensitive patient-provider communications.

What Affected Individuals Should Do

If you believe you were impacted by this breach or received a notification from ConnectOnCall, consider taking the following steps to protect your personal and financial information:

1. Enroll in Identity Protection Services
If your Social Security number was exposed, use the credit monitoring services provided by ConnectOnCall. These services can alert you to signs of fraud and help restore your identity if it is stolen.

2. Monitor Financial and Medical Accounts
Keep a close eye on your credit reports, bank accounts, and insurance statements for any unusual activity. Promptly report suspicious transactions or unauthorised claims to your financial institution or insurer.

3. Be Cautious of Phishing Scams
Cybercriminals may use your exposed information to craft phishing emails or messages. Avoid clicking on suspicious links or providing additional personal information unless you are certain of the sender’s authenticity.

4. Freeze Your Credit
Placing a credit freeze with the three major credit bureaus (Experian, TransUnion, and Equifax) can prevent anyone from opening new accounts in your name.

5. Change Your Passwords
If you used similar passwords across multiple platforms, update them immediately and consider using a password manager to generate and store strong, unique passwords.

A Call for Stronger Cybersecurity in Healthcare

This breach underscores the critical need for stronger cybersecurity measures in the healthcare sector. With sensitive patient data at stake, healthcare providers and tech firms must adopt more robust security protocols, including:
• Regular penetration testing and security audits.
• Enhanced employee training to recognise phishing attacks.
• Strong encryption for data both in transit and at rest.
• Implementation of multi-factor authentication for all systems.

Regulatory frameworks like the Health Insurance Portability and Accountability Act (HIPAA) in the United States provide guidelines for safeguarding patient data, but compliance alone is not enough. Organisations must go above and beyond to stay ahead of increasingly sophisticated cyber threats.

The ConnectOnCall breach affecting nearly 1 million Americans is a sobering reminder of the vulnerabilities in our digital healthcare systems. For individuals, the breach presents a significant risk to personal and financial security, emphasising the importance of vigilance and proactive protection measures. For the healthcare industry, this incident serves as a call to action to prioritise data security and prevent future breaches.

How to Clean 80% of Spam in 2 Days in 2025

Personal data is the new gold, and as a result, scammers make bank by taking advantage of us — did you know that they made over $1 trillion from scams two years ago? That’s more than half of Canada’s GDP… I’ve seen many people just give up their long-term email accounts just because it got filled with spam, scams and phishing emails — and it’s just sad. I don’t know about you, but I’m pretty emotional about my account I made almost 2 decades ago, and I really don’t want to lose it or just give up on it. This is exactly what pushed my research for a permanent solution to get rid of all the junk from my inbox, and give my account a second chance to life - by the way, my next checklist is made strictly for Gmail (that’s what I’m using), so if you’re an Outlook, Yahoo or other type of user, this might not be for you. Let me dive into what I discovered, how it works and how quickly it turned my inbox around. <h2 class= "text-heading">What I discovered</h2> My journey started about 15 years ago, when I used to get more spam than legit emails in my inbox, and it made me wonder why that happens. I didn’t know much at the time, so I got left with just the question. It wasn’t until 6 years ago when I got a job as a data entry assistant for a start-up operating in the data protection industry, and got introduced to this brand new world - that was my ‘Aha!’ moment. I learned a lot there, found what data is collected about us, consumers, by a lot of companies, how entitled many of them feel to do anything they want with our information, and how a large number of them “get back” at us when we try to distance ourselves from them. In simple terms, from the data they collect about us (name, email, phone number, shopping, browsing etc.), they can generate inferred data, like net worth, how much we’re worth to them as customers, and even predict future spending habits. In terms of “getting back” at us, many of them sell our information to others as soon as we unsubscribe from their marketing emails — this way they make up some of the loss resulted from their inability to market their products directly to us. <h2 class= "text-heading">How it works (how I turned my inbox around)</h2> It took me a good while to figure out how to get rid of spam and junk. I first started to look at how I can filter out these types of emails, but since even tech giants like Google or Microsoft haven’t figured it out, I clearly had no chance of doing it, especially by myself. And then it clicked! Instead of chasing after scammers, which use an email or domain as a one-time thing, where they send a bunch of scams once and switch to a different email/domain, I asked myself - what’s constant? Scammers or actual subscriptions? I think it’s pretty obvious that subscriptions are constant for a lot of us. We may have hundreds of opened accounts, but in reality, we use only a handful. So I started fiddling with some filters to see what would happen if I changed my inbox to accept emails only coming from a set list of senders. In 2 days, I got only 2 or 3 emails after I set up that filter. This was my “holy sh*t” moment, and it changed my inbox ever since. I made this filter (along with some other things) into a digital product, but I want to share the “secrets” here with you, so you can get a better email experience, and avoid having to give up on it. Here’s how to create a complete and comprehensive filter: - Make a list of services and subscriptions you still need, and are important to you (important in the next step) - Click on the filter icon in Gmail’s web app, and add the list you made in the “Doesn’t have” field using this format: {(from:sender1 OR from:sender2 OR from:sender3)} - Next, select the “Delete it” option. This way, all emails not included in your filter will be sent to trash, and permanently deleted in 30 days The best thing about this is that it clears all unwanted emails (junk, spam, scams and phishing), and ensured you won’t miss new emails since they’ll just be sent to trash - you can then update the filter and add the new sender to it next. Of course, this will you take you some time to do, but it’s not impossible or overwhelming. Now to the ‘selling’ part - I mentioned that I made this into a digital product called <a href= "https://sentrya.net" class= "content-link">sentrya.net</a>. Sentrya is for privacy-conscious people who don’t want to spend hours manually searching for subscriptions and creating the filter I mentioned earlier. Basically, Sentrya does all the heavy lifting for you, saves you time and gives you peace of mind. Here’s a short comparison between using Sentrya and doing it yourself: Do it yourself: - It’ll take you a few hours gathering all (or almost all) subscriptions - You have to remember to look in your Trash folder every time a new sender emails you - You need to manually update the filter if you want to add a new sender to it With Sentrya: - It takes about 10 minutes to see a list of active subscriptions - You select (mark as Important) the ones you need - Create the filter with a tap - Get notified when a new sender emails you - Update the filter with a tap This is available for free on Sentrya - Remove your information from unwanted subscriptions (to avoid data selling) - Remove your information from a lot of data brokers (avoid having spammers buying your data) - Find if and when your data appears on the dark web These are available under paid plans Thanks for reading all the way here, and I hope you found this article to be useful in saving your email account :) PS: If you know someone on the brink of giving up on their email, send them this article and spare them the heartache of losing their account Read more

Your iPhone Data May Have Been Leaked in China:–Here is What It Means and How to Protect Yourself

Did you know that your iPhone data may have just been exposed? According to Cybernews, up to 62 million iPhone users’ personal information has been leaked from an iOS app in China. This includes details like your name, ID number, gender, date of birth, phone number, province, and city – basically, enough data for scammers to wreak havoc. If you’re like most people, this probably feels like a punch to the gut. After all, you trust your iPhone and Apple to keep your data safe. Unfortunately, even the best technology can’t always protect you when shady apps or data brokers get involved. <h2 class= "text-heading">Here’s What Was Leaked</h2> Hackers managed to grab personal info that could let them impersonate you online or even in the real world. This data is fresh – as recent as February 2025 – so it’s especially worrying. <h2 class= "text-heading"> Why Should You Care?</h2> Think about all the ways your personal data is linked to your life: - Identity theft – Scammers could open bank accounts or credit lines in your name. - Phishing attacks – You might get emails or texts that look real but are traps. - Financial fraud – They could trick you into sending them money or personal info. - Location-based scams – Because they know where you live, they might tailor attacks just for you. <h2 class= "text-heading">How to Protect Yourself</h2> The best thing you can do right now is to start cleaning up your personal data footprint. Removing your info from data brokers and shady sites is crucial. That’s where services like <a href= "https://sentrya.net" class= "content-link">Sentrya</a> come in. Sentrya helps you find and delete your personal data from data broker websites and search engines. It’s like taking your info back into your own hands – because the less data out there, the harder it is for criminals to target you. Sentrya works by continuously scanning for your info and removing it from places where it shouldn’t be. It’s a smart move to help protect your privacy, especially after a major leak like this. If you’re an iPhone user – or just care about your privacy – don’t wait. This breach is a wake-up call that your personal data can be out there in ways you never imagined. Act now to lock down your information and stop hackers in their tracks. Read more

Morocco CNSS Data Breach: A Wake Up Call for Consumer Data Protection

In April 2025, Morocco experienced a significant cybersecurity incident when the National Social Security Fund (Caisse Nationale de Sécurité Sociale – CNSS) was compromised. The breach resulted in the unauthorised release of sensitive data pertaining to millions of Moroccan workers and hundreds of thousands of businesses. The fallout from this breach has raised serious concerns about consumer privacy and the adequacy of data protection measures. <h2 class= "text-heading">The CNSS Breach: What Happened?</h2> On April 8, 2025, a hacker group identifying itself as JabaRoot DZ claimed responsibility for the cyberattack on CNSS. The group leaked over 50,000 official documents, including personal identification numbers, salary declarations, employment contracts, and correspondence involving foreign diplomatic entities. The leaked data was disseminated through various channels, including encrypted messaging platforms and public file-sharing websites. Cybersecurity analysts suggest that the attackers may have exploited vulnerabilities in outdated file storage protocols or gained access through compromised administrator accounts. The breach potentially began weeks or months before the data was released, allowing the attackers ample time to exfiltrate information undetected. <h2 class= "text-heading">Implications for Consumer Privacy</h2> The CNSS breach has exposed nearly 2 million employees and approximately 470,000 companies to potential risks, including identity theft, financial fraud, and targeted phishing attacks. The leaked information encompasses a wide range of personal and financial data, making it a valuable resource for malicious actors. This incident underscores the vulnerabilities inherent in centralised data repositories and the critical need for robust cybersecurity measures to protect consumer information. It also highlights the importance of transparency and prompt communication from institutions in the event of data breaches. <h2 class= "text-heading">Sentrya: Empowering Consumers to Protect Their Data</h2> In the wake of such breaches, you must take proactive steps to safeguard your personal information. <a href= "https://sentrya.net" class= "content-link">Sentrya</a> offers a comprehensive solution designed specifically for individual users. Sentrya provides tools to remove personal data from the web and data brokers, and to clear inboxes of scams and phishing emails. By leveraging Sentrya’s services, you can regain control over your digital footprint and enhance your privacy. The CNSS data breach serves as a stark reminder of the growing threats to consumer privacy in the digital age. While institutions must bolster their cybersecurity frameworks, individuals also have a role to play in protecting their personal information. Utilising services like Sentrya can be an effective strategy for consumers to mitigate risks and maintain their privacy in an increasingly interconnected world. Read more

Trump Administration Reverses Data Privacy Protections Exposing Americans to Increased Risks

In a significant policy reversal, the Trump administration has dismantled a Biden-era initiative aimed at limiting the sale of Americans’ personal data by data brokers. This move raises substantial concerns about consumer privacy and national security. <h2 class= "text-heading">Background: The Biden-Era Initiative</h2> Under President Biden, the Consumer Financial Protection Bureau (CFPB) proposed regulations to subject data brokers to oversight akin to credit bureaus. The goal was to protect consumers from the unregulated sale of sensitive personal information, which could be exploited for identity theft, scams, and even national security threats. <h2 class= "text-heading">The Reversal and Its Implications</h2> On May 14, 2025, the CFPB announced the withdrawal of the proposed regulations, stating that they no longer align with the bureau’s policy objectives. Consumer advocacy groups, such as Consumer Reports, have expressed alarm, warning that this decision leaves consumers vulnerable to scams and identity theft. The rollback also includes the withdrawal of proposals related to digital payment technologies and the prohibition of certain terms in consumer finance products. <h2 class= "text-heading">Risks to Consumer Privacy</h2> The unregulated sale of personal data poses several risks: • Identity Theft: Personal information can be used to impersonate individuals, leading to financial loss and reputational damage. • Scams and Phishing: Data brokers can sell information to malicious actors who craft targeted scams and phishing emails. • National Security Threats: Sensitive data about government officials and military personnel can be exploited by foreign adversaries for espionage. <h2 class= "text-heading">Sentrya: A Consumer-Focused Solution</h2> In light of these developments, consumers seeking to protect their personal information can turn to services like <a href= "https://sentrya.net" class= "content-link">Sentrya</a>. Sentrya offers tools to remove personal data from the web and data brokers, and to clear inboxes of scams and phishing emails. Designed specifically for individual consumers, Sentrya empowers users to take control of their digital privacy. The Trump administration’s decision to scrap proposed data privacy regulations underscores the importance of individual action in safeguarding personal information. While federal protections may be in flux, consumers can proactively protect themselves using services like <a href= "https://sentrya.net" class= "content-link">Sentrya</a> to mitigate the risks associated with data exposure. Read more

Sentrya

Affiliates Register Terms Privacy