Healthcare software provider Phreesia revealed its telehealth platform, ConnectOnCall, was hit by a data breach from February to May 2024. The breach, affecting over 910,000 patients, exposed personal and medical information. Unlike financial breaches, health information cannot be replaced and is in high demand on the dark web. This raises the risk of identity theft, fraud, and targeted phishing attacks. Phreesia has informed affected individuals and offered identity and credit monitoring services to those whose Social Security Numbers were compromised.

Ivanti patches serious Connect Secure flaw
Ivanti has patched a critical flaw in its Connect Secure VPN reportedly exploited by Chinese state-backed actors. Identified as CVE-2025-22457, the buffer overflow vulnerability was