Mid Atlantic Retina, also known as WillsEye Physicians, has recently reported a data breach stemming from its third-party service provider, ConnectOnCall.com. The breach occurred between February 16 and May 12, 2024, when an unauthorized party gained access to ConnectOnCall’s network, exposing sensitive information about patients. The compromised data includes personal details such as names, phone numbers, dates of birth, medical record numbers, and medical histories. Once the breach was identified, Mid Atlantic Retina promptly initiated an investigation and began notifying affected individuals through data breach letters.
ConnectOnCall, a subsidiary of Phreesia, is a digital answering service that assists healthcare providers with after-hours calls, including those for Mid Atlantic Retina. Following the breach, ConnectOnCall secured its systems and launched a thorough investigation to determine the scope of the incident and which files had been compromised. The company’s investigation confirmed that the unauthorized access lasted several months, exposing confidential information belonging to Mid Atlantic Retina patients.
In response to the breach, ConnectOnCall has been in contact with the affected individuals and has sent out breach notification letters to provide them with information about what was compromised.
Patients were advised to review the details of their compromised data and take steps to protect their information, such as changing passwords and being vigilant against potential scams. The company has assured customers that additional security measures are being implemented to prevent similar incidents in the future.
Mid Atlantic Retina, which specializes in retinal care and has locations across the Mid-Atlantic region, works closely with ConnectOnCall to enhance patient communication. The breach has raised concerns about the security of patient data, particularly when sensitive information is handled by third-party service providers. As both companies continue their efforts to address the incident, they are also cooperating with regulatory authorities to ensure compliance and prevent further exposure of patient information.
Reference: