HealthEquity recently made headlines due to a data breach that occurred, affecting some of its customers. The breach was discovered when the company noticed unusual activity on a business partner’s personal device. It was later determined that the partner’s account had been compromised, allowing unauthorized access to member information.
After further investigation, HealthEquity confirmed that this breach was an isolated incident and not related to other recent breaches in the healthcare industry. The breach was detected on March 25, and immediate action was taken to resolve the issue. Extensive data forensics were conducted and completed by June 10, involving both internal and external experts.
The compromised third-party vendor account had access to some of HealthEquity’s SharePoint data. SharePoint is a Microsoft tool used by companies to create websites and share internal information. Fortunately, the breach did not impact transactional systems or integrations, according to HealthEquity spokesperson Amy Cerny.
The company is currently notifying partners, clients, and members about the breach. They are also collaborating with law enforcement and security experts to prevent future incidents. Despite these efforts, Cerny declined to disclose the specific information that was stolen, the number of people affected, or the identity of the partner involved.
Earlier this year, HealthEquity reported that they manage HSAs and other CDBs for over 15 million accounts in partnership with various organizations. This breach serves as a reminder of the importance of data security in the healthcare industry and the need for robust measures to protect sensitive information.
If you have any additional information about the HealthEquity breach, you can securely contact Lorenzo Franceschi-Bicchierai on Signal at +1 917 257 1382, or via Telegram, Keybase, and Wire @lorenzofb, or email. TechCrunch can also be contacted via SecureDrop for further details.
Overall, this incident highlights the ongoing cybersecurity challenges faced by companies, especially those handling sensitive health information. It underscores the need for continuous monitoring, prompt detection, and swift response to mitigate the impact of data breaches.
