Legal Representation for Victims of Data Breaches in California
The Data Breach Attorneys at Potter Handy Law Firm have the knowledge and resources to thoroughly examine your case, conduct an investigation into the breach, and, when needed, fight for justice.
Potter Handy LLP is currently reviewing cases on behalf of individuals affected by the Phreesia data breach. These individuals may have had their personal and confidential information illegally accessed by an unknown third party during the Phreesia data breach. Potter Handy LLP will conduct a complimentary assessment of your data breach claim in order to safeguard the rights and privacy of all those impacted by the Phreesia data breach.
We are only interested in claims that arose in California. Contact us today by filling out the form on this webpage to learn more about how we can help you with your case.
What Happened?
Phreesia learned on or around August 25, 2025, that it was impacted by a data security incident involving a third-party software tool called Salesloft Drift. An unknown third party exploited a previously unknown vulnerability in that tool and accessed Salesforce environments used by hundreds of organizations, including Phreesia.
The vulnerability was not within Phreesia’s internal systems. The incident affected only Phreesia’s Salesforce environment, which is used to store information shared by healthcare organizations when they request assistance with customer service issues. These service tickets occasionally include limited patient information when relevant to resolving an issue.
Upon discovering the incident, Phreesia promptly took steps to secure its Salesforce environment, including disabling Salesloft Drift, and engaged external cybersecurity experts to investigate the matter and determine its scope.
The investigation determined that on August 17, 2025, the unauthorized third party accessed certain service tickets stored in Salesforce. In some instances, these tickets included limited patient information. The information that may have been involved in this incident varies by individual but may have included first name, last name, email address and/or other contact details, limited patient information contained within support tickets as provided by healthcare organizations, and other personally identifiable information (PII).
Notification letters have begun to be sent to affected individuals, providing information about the incident and the types of personal information that may have been involved.
If you’ve received a notification about a data breach, it is vital to understand the seriousness of the situation. Your personal and protected health information may have been compromised, making it vulnerable to cybercriminals. Given these circumstances, it is essential to act swiftly by contacting our highly qualified Data Breach Lawyers. These attorneys can effectively protect your legal rights and ensure those responsible are held accountable.
By selecting a qualified Data Breach Lawyer, you can be assured that your interests are protected thoroughly during the entire case, providing you with peace of mind.
What Information Was Involved?
The breach exposed a wide range of sensitive data, putting individuals at risk of identity theft and fraud. The types of information exposed may include:
- First name
- Last name
- Email address and/or other contact details
- Limited patient information contained within support tickets, as provided by healthcare organizations
- Other personally identifiable information (PII)
Protecting Consumers’ Privacy Rights Following the Phreesia Data Breach
If you were notified that your information had been stolen as a result of the Phreesia data breach, you may be entitled to compensation or other remedies.
Don’t wait until it’s too late to protect your rights and seek compensation. Contact us today by filling out the form on this webpage for a free consultation and to learn more about how we can help you with your case. Our attorneys are available 24/7 and there are no out-of-pocket expenses for our clients. Let us help you seek justice and hold companies accountable for their negligence in protecting personal information. Regrettably, we are unable to respond to phone inquiries. Free Consultations 24/7. No out-of-pocket expenses.