HealthEquity, Inc. reported a data breach involving personally identifiable and protected health information of its members, which was accessed through a compromised account of a business partner.
The incident was discovered through routine monitoring earlier this year, revealing anomalous activity on a personal device used by a business partner. The unauthorized access allowed a third party to obtain sensitive information. HealthEquity promptly isolated the issue and conducted a thorough investigation.
The compromised data included personally identifiable information (PII) and protected health information (PHI) of certain members. Following the investigation, the company confirmed that some data had been exfiltrated from its partner's systems.
HealthEquity is a prominent financial technology and business services company. It is designated as a non-bank health savings trustee by the IRS, allowing it to manage health savings accounts (HSAs).
As of July 2022, HealthEquity managed 14.5 million accounts, including 7.5 million HSAs with assets totaling $20.5 billion.
Upon discovering the breach, HealthEquity took immediate actions to mitigate the impact, including reinforcing security protocols and addressing vulnerabilities related to the compromised partner account. The company emphasized that there was no placement of malicious code on its systems and no interruption to its services or business operations.
HealthEquity will be notifying its partners and clients, as well as individuals whose information may have been compromised, soon. Complimentary credit monitoring and identity restoration services will also be offered to affected individuals.
Despite the breach, HealthEquity does not anticipate a material adverse effect on its business, operations, or financial results. The company is currently evaluating the impact of the incident, including remediation expenses and potential liabilities, while believing that its cybersecurity insurance will cover the incident.
For those potentially affected by the breach, the following measures are recommended:
- Take advantage of the complimentary credit monitoring services offered by HealthEquity to detect any suspicious activity on your accounts.
- Regularly review your bank and credit card statements for any unauthorized transactions.
- Update passwords for all online accounts, especially those related to financial and health information, and ensure they are strong and unique.
- Use two-factor authentication on all accounts to add an extra layer of protection.
- Be cautious of phishing attempts and unsolicited communications asking for personal information.
Leave a Reply