Full Report
Healthcare software as a service (SaaS) company Phreesia is notifying over 910,000 people that their personal and health data was exposed in a May breach of its subsidiary ConnectOnCall. [...]
Analysis Summary
The provided article snippet does not contain the specific details required to construct a full incident timeline, including precise dates, vectors, scope, detailed response actions, or attacker techniques (MITRE ATT&CK mapping). The text is primarily a headline and links from the BleepingComputer website structure.
Therefore, the summary will be based *only* on the information explicitly given in the headline, which establishes the **impact**. I will use placeholders for fields where context is missing.
---
# Incident Report: ConnectOnCall Patient Data Exposure
## Executive Summary
ConnectOnCall, a subsidiary of healthcare SaaS company Phreesia, experienced a significant data breach that exposed the personal and health data of over 910,000 people. The headline confirms the scale of the compromise, but the provided context does not describe the attack timeline, entry vector, or organizational response actions.
## Incident Details
- Discovery Date: [Not disclosed in context]
- Incident Date: May (exact date not disclosed in context)
- Affected Organization: ConnectOnCall (subsidiary of Phreesia)
- Sector: Healthcare/Health Technology
- Geography: [Not disclosed in context]
## Timeline of Events
### Initial Access
- Date/Time: [Unknown]
- Vector: [Unknown]
- Details: [Unknown]
### Lateral Movement
- [Unknown]
### Data Exfiltration/Impact
- [Sensitive patient health data was exfiltrated from ConnectOnCall systems.]
### Detection & Response
- [Details of discovery and response actions are unknown based on the provided text.]
## Attack Methodology
*No specific technical details were provided in the context to map common attacker techniques (Initial Access, Persistence, Privilege Escalation, etc.).*
## Impact Assessment
- Financial: [Unknown]
- Data Breach: Health data belonging to **over 910,000 patients**.
- Operational: [Unknown]
- Reputational: Significant, due to the exposure of sensitive health records.
## Indicators of Compromise
- [No specific IOCs (IPs, domains, hashes) were provided in the context.]
## Response Actions
- [Containment measures: Unknown]
- [Eradication steps: Unknown]
- [Recovery actions: Unknown]
## Lessons Learned
- **Scale of Impact:** The incident highlights the critical risk associated with holding large volumes of Protected Health Information (PHI).
- **Vulnerability:** A significant vulnerability existed allowing unauthorized access to patient records.
## Recommendations
- Immediate review and auditing of security controls governing access to patient databases.
- Implementation of stricter access controls and multi-factor authentication across all relevant systems.
- Review of data retention policies to minimize the volume of sensitive data stored.