Healthcare fintech agency HealthEquity disclosed an information breach
July 04, 2024
Healthcare agency HealthEquity disclosed an information breach brought on by a associate’s compromised account that uncovered protected well being data.
Healthcare fintech agency HealthEquity disclosed an information breach after a associate’s compromised account was used to entry its programs. The intruders have stolen protected well being data from the corporate programs. The corporate found an anomalous habits from the associate’s private gadget and instantly launched an investigation that led to the invention of the safety breach.
“The investigation concluded that the Associate’s person account had been compromised by an unauthorized third celebration, who used that account to entry data. The accessed data included some personally identifiable data, which in some instances is taken into account protected well being data, pertaining to sure of our members. The investigation additional concluded that some data was subsequently transferred off the Associate’s programs.” reads the FORM 8-K filed with SEC. “The Firm has taken steps to strengthen its safety setting, together with with respect to the compromised Associate account and the advisable actions of its incident response agency. The investigation didn’t discover placement of malicious code on any Firm programs. There was no interruption to the Firm’s programs, providers, or enterprise operations.”
HealthEquity is a number one monetary expertise firm that makes a speciality of administering well being financial savings accounts (HSAs) and different consumer-directed advantages. Some key information about HealthEquity:
As of July 2022, HealthEquity managed 7.5 million HSA accounts with $20.5 billion in belongings, plus a further 7 million different consumer-directed profit accounts for a complete of 14.5 million accounts.
The company is notifying its partners and clients, as well as identifying and notifying impacted individual members.
HealthEquity will offer complimentary credit monitoring and identity restoration services. The investigation is still ongoing and the healthcare fintech firm has yet to determine the fill impact of the incident.
“The Company does not currently believe the incident will have a material adverse effect on its business, operations, or financial results.” continues the Form 8-K.
“The Company believes it holds adequate cybersecurity insurance for this incident and will also be seeking recourse from the Partner.”
Comply with me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, healthcare)
