Breach Analysis

Phreesia Data Breach: Third-Party Vulnerability Exposes Patient Data

Analysis of the Phreesia, Inc. data breach - what happened, who's affected, and what to do.

By FinSecLedger

Key Facts

Phreesia, Inc., a healthcare software company, disclosed a data breach on August 25, 2025, affecting 100,000+ individuals. The incident involved a third-party vulnerability in Salesloft Drift, a tool used to manage Salesforce environments for healthcare providers. Exposed data included names, addresses, DOB, SSNs, emails, and limited medical records.

What Was Exposed?

The breach targeted service tickets in Salesforce, which occasionally contained patient information. While financial and medical chart data were not accessed, the exposure of SSNs and personal identifiers poses significant risks for identity theft and fraud. This highlights the dangers of third-party tools handling sensitive data.

Attack Vector Analysis

The breach exploited a previously unknown vulnerability in Salesloft Drift, third-party software integrated with Phreesia's Salesforce environment. This underscores the growing risk of supply chain attacks in the healthcare sector: Phreesia's reliance on external tools created a critical attack surface, emphasizing the need for rigorous third-party risk management.

Context & Industry Trends

This incident aligns with a surge in third-party data breaches in 2025. Similar incidents, like the 2023 SolarWinds attack, show how vulnerabilities in external tools can cascade into major breaches. Regulatory scrutiny is intensifying, with California’s AG office actively enforcing data protection laws.

What This Means

The breach underscores the fragility of healthcare IT ecosystems. Even non-financial companies like Phreesia handle data that can be monetized by cybercriminals. The lack of transparency about the exact scope of exposure raises concerns about data minimization practices.

Action Items for Affected Individuals

  1. Enroll in Identity Monitoring: Phreesia offers free two-year monitoring via Kroll. Activate by the deadline.
  2. Check Credit Reports: Obtain free reports from Equifax, Experian, and TransUnion via AnnualCreditReport.com.
  3. Place Fraud Alerts: Contact credit agencies to add alerts or freezes to your credit files.
  4. Monitor Financial Accounts: Report suspicious activity immediately to financial institutions.

What We Know

  • Breach Date: August 25, 2025
  • Attack Method: Third-party software vulnerability
  • Data Compromised: Names, addresses, DOB, SSN, emails, limited medical records
  • Mitigation: Phreesia disabled Salesloft Drift and hired cybersecurity experts

What This Means for the Industry

Healthcare providers must prioritize vendor due diligence and zero-trust architectures. Regulators may tighten rules on third-party data handling, especially under California’s CPRA. This breach serves as a stark reminder that no system is immune to supply chain risks.


This analysis is based on the official breach notification filed with the California Attorney General. Information may be updated as more details emerge.

Tags: breach analysis, healthcare, technology, software_company, third_party