Mid Atlantic Retina is notifying our clients that one of our vendors, ConnectOnCall.com (“ConnectOnCall”), experienced an incident that impacted a small subset of our patients. Mid Atlantic Retina uses ConnectOnCall to assist with our after-hours patient calls.
On December 11, 2024, ConnectOnCall began mailing notification letters to certain patients whose information was involved in the incident.
On May 12, 2024, ConnectOnCall learned of an issue impacting their services. As soon as ConnectOnCall learned of the incident, they immediately began an investigation and took steps to secure their product and ensure the overall security of their environment. Their investigation revealed that between February 16, 2024, and May 12, 2024, an unknown third party had access to ConnectOnCall and certain data within the application, including certain information in provider-patient communications.
ConnectOnCall determined that the personal information involved in this incident may have included Mid Atlantic Retina patient’s names, phone numbers, dates of birth, medical record numbers (not social security numbers), and/or medical histories.
ConnectOnCall engaged external cybersecurity specialists to determine the full nature and scope of the incident, identify any involved information, and help them enhance their security controls to mitigate the risk of future security incidents. Also, after becoming aware of the incident, they took the ConnectOnCall product offline and have been working through a phased restoration of the product in a new, more secure environment. ConnectOnCall also notified federal law enforcement of the incident.
You should always remain vigilant and review statements you receive from your healthcare provider. If you see charges for services you did not receive, please contact the provider immediately.
Please do not hesitate to contact ConnectOnCall at (866) 997-4596, Monday through Friday from 8:00 a.m. to 5:30 p.m. Central Time, if you have any questions or concerns.
