Notice of Data Breach
Dear Patient:
ConnectOnCall.com, LLC provides a product (“ConnectOnCall”) that healthcare providers purchase to improve their after-hours call process and enhance communications between the providers and their patients. I am writing to inform you about an incident that involved personal information about you relating to your communications with a healthcare provider that uses ConnectOnCall. We regret that this incident occurred and take the security of personal information seriously. We are sending you this correspondence to tell you what happened, what information was involved, what we have done, and what you can do to address this situation.
WHAT HAPPENED. On May 12, 2024, we learned of an issue impacting ConnectOnCall. As soon as we learned of the incident, we immediately began an investigation and took steps to secure the product and ensure the overall security of our environment. Our investigation revealed that between February 16, 2024, and May 12, 2024, an unknown third party had access to ConnectOnCall and certain data within the application, including certain information in provider-patient communications.
WHAT INFORMATION WAS INVOLVED. You are receiving this notice because you or your family member,
health advocate, or healthcare provider provided your information in a patient-provider message using ConnectOnCall.
We have determined that the personal information involved in this incident may have included your name and phone number, and information related to your health conditions, treatments, or prescriptions.
WHAT WE ARE DOING. We engaged external cybersecurity specialists to determine the full nature and scope of
the incident, identify any impacted information, and help us enhance our security controls to mitigate the risk of future
security incidents. Also, after becoming aware of the incident, we took the ConnectOnCall product offline and have been working through a phased restoration of the product in a new, more secure environment. We also notified federal law enforcement of the incident.
WHAT YOU CAN DO. Consistent with certain laws, we are providing you with the following information about steps that a consumer can take to protect against potential misuse of personal information.
You should always remain vigilant for incidents of fraud and identity theft, including by regularly reviewing your account statements and monitoring credit reports. If you discover any suspicious or unusual activity on your accounts or suspect identity theft or fraud, be sure to report it immediately to your financial institutions.
In addition, you may contact the Federal Trade Commission (“FTC”) or law enforcement, including your state Attorney General, to report incidents of identity theft or to learn about steps you can take to protect yourself from identity theft. To learn more, you can go to the FTC’s website at www.ftc.gov/idtheft, or call the FTC at (877) IDTHEFT (438-4338) or write to Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue, NW, Washington, DC 20580.
You may also periodically obtain credit reports from the nationwide credit reporting agencies. If you discover information on your credit report arising from a fraudulent transaction, you should request that the credit reporting agency delete that information from your credit report file. In addition, under federal law, you are entitled to one free copy of your credit report every 12 months from each of the three nationwide credit reporting agencies. You may obtain a free copy of your credit report by going to www.AnnualCreditReport.com or by calling (877) 322-8228. You may contact the nationwide credit reporting agencies at:
| Equifax (800) 685-1111 P.O. Box 740241 Atlanta, GA 30374-0241 www.Equifax.com |
Experian (888) 397-3742 P.O. Box 9701 Allen, TX 75013 www.Experian.com |
TransUnion (800) 680-7289 Fraud Victim Assistance Department P.O. Box 2000 Chester, PA 19022-2000 www.TransUnion.com |
You also have other rights under the Fair Credit Reporting Act (“FCRA”). For information about your rights under the FCRA, please visit: https://files.consumerfinance.gov/f/201504_cfpb_summary_your-rights-under-fcra.pdf.
In addition, you may obtain additional information from the FTC and the credit reporting agencies about fraud alerts and security freezes. You can add a fraud alert to your credit report file to help protect your credit information. A fraud alert can make it more difficult for someone to get credit in your name because it tells creditors to follow certain procedures to verify your identity. You may place a fraud alert in your file by calling any of the nationwide credit reporting agencies listed above. As soon as that agency processes your fraud alert, it will notify the other two agencies, which then must also place fraud alerts in your file.
In addition, you can contact the nationwide credit reporting agencies at the numbers listed above to place a security freeze to restrict access to your credit report. You will need to provide the credit reporting agency with certain information, such as your name, address, date of birth, and Social Security number. After receiving your request, the credit reporting agency will send you a confirmation containing a unique PIN or password that you will need in order to remove or temporarily lift the freeze. You should keep the PIN or password in a safe place.
FOR MORE INFORMATION. Please know that we regret any inconvenience or concern this incident may cause you. Please do not hesitate to contact us at Monday through Friday from 8:00 a.m. to 5:30 p.m. Central Time, excluding major U.S. holidays, if you have any questions or concerns.
Sincerely,
Evan Roberts ConnectOnCall.com, LLC
IF YOU ARE A NEW YORK RESIDENT: You may obtain information about security breach response and identity theft prevention and protection from the FTC or from the following New York state agencies:
| Federal Trade Commission Consumer Response Center 600 Pennsylvania Avenue, NW Washington, DC 20580 (877) IDTHEFT (438-4338) www.consumer.gov/idtheft |
New York Attorney General The Capitol Albany, NY (800) 771-7755 www.ag.ny.gov |
New York Department of State Division of Consumer Protection 99 Washington Avenue Suite 650 Albany, NY 12231 (800) 697-1220 www.dos.ny.gov |
IF YOU ARE A DISTRICT OF COLUMBIA RESIDENT: You may obtain information about avoiding identity theft from the FTC or the District of Columbia Attorney General’s Office. These offices can be reached at:
| Federal Trade Commission Consumer Response Center 600 Pennsylvania Avenue, NW Washington, DC 20580 (877) IDTHEFT (438-4338) |
Office of the Attorney General 400 6th Street, NW Washington, DC 20001 (202) 727-3400 |
IF YOU ARE A MARYLAND RESIDENT: You may obtain information about security breach response and identity theft prevention and protection from the FTC or from the Maryland Office of the Attorney General:
| Federal Trade Commission Consumer Response Center 600 Pennsylvania Avenue, NW Washington, DC 20580 (877) IDTHEFT (438-4338) |
Office of the Attorney General Consumer Protection Division 200 St. Paul Place Baltimore, MD 21202 (888) 743-0023 |
IF YOU ARE A NORTH CAROLINA RESIDENT: You may obtain information about preventing identity theft from the FTC or the North Carolina Attorney General’s Office. These offices can be reached at:
| Federal Trade Commission Consumer Response Center 600 Pennsylvania Avenue, NW Washington, DC 20580 (877) IDTHEFT (438-4338) |
North Carolina Department of Justice Attorney General Josh Stein 9001 Mail Service Center Raleigh, NC 27699-9001 (877) 566-7226 |
IF YOU ARE A RHODE ISLAND RESIDENT: You may contact state or local law enforcement to determine whether you can file or obtain a police report relating to this incident. In addition, you can contact the Rhode Island Attorney General at:
Office of the Attorney General
150 South Main Street
Providence, RI 02903
(401) 274-4400