07-04-2024, 01:09 PM
Healthcare firm HealthEquity disclosed a data breach caused by a partner’s compromised account that exposed protected health information.
Healthcare fintech firm HealthEquity has disclosed a data breach following the compromise of a partner’s account, which was used to access its systems. The intruders stole protected health information from the company’s systems. HealthEquity detected unusual activity from the partner’s personal device and promptly launched an investigation, which revealed the security breach.
“The investigation concluded that the partner’s user account had been compromised by an unauthorized third party, who used that account to access information. The accessed information included some personally identifiable information, which in some cases is considered protected health information, pertaining to certain of our members. The investigation further concluded that some information was subsequently transferred off the partner’s systems,” reads the Form 8-K filed with the SEC. “The Company has taken steps to strengthen its security environment, including measures related to the compromised partner account and the recommendations of its incident response firm. The investigation did not find any malicious code on Company systems. There has been no interruption to the Company’s systems, services, or business operations.”
HealthEquity is a leading financial technology company specializing in administering health savings accounts (HSAs) and other consumer-directed benefits. As of July 2022, HealthEquity managed 7.5 million HSA accounts with $20.5 billion in assets, plus an additional 7 million other consumer-directed benefit accounts, totaling 14.5 million accounts. The company is notifying its partners and clients, as well as identifying and notifying affected individual members.
HealthEquity will offer complimentary credit monitoring and identity restoration services. The investigation is ongoing, and the healthcare fintech firm has yet to determine the full impact of the incident.
“The Company does not currently believe the incident will have a material adverse effect on its business, operations, or financial results,” the Form 8-K continues. “The Company believes it holds adequate cybersecurity insurance for this incident and will also be seeking recourse from the partner.”
Which threat actor? doe anyone knows? I didn't find anything.
Healthcare fintech firm HealthEquity has disclosed a data breach following the compromise of a partner’s account, which was used to access its systems. The intruders stole protected health information from the company’s systems. HealthEquity detected unusual activity from the partner’s personal device and promptly launched an investigation, which revealed the security breach.
“The investigation concluded that the partner’s user account had been compromised by an unauthorized third party, who used that account to access information. The accessed information included some personally identifiable information, which in some cases is considered protected health information, pertaining to certain of our members. The investigation further concluded that some information was subsequently transferred off the partner’s systems,” reads the Form 8-K filed with the SEC. “The Company has taken steps to strengthen its security environment, including measures related to the compromised partner account and the recommendations of its incident response firm. The investigation did not find any malicious code on Company systems. There has been no interruption to the Company’s systems, services, or business operations.”
HealthEquity is a leading financial technology company specializing in administering health savings accounts (HSAs) and other consumer-directed benefits. As of July 2022, HealthEquity managed 7.5 million HSA accounts with $20.5 billion in assets, plus an additional 7 million other consumer-directed benefit accounts, totaling 14.5 million accounts. The company is notifying its partners and clients, as well as identifying and notifying affected individual members.
HealthEquity will offer complimentary credit monitoring and identity restoration services. The investigation is ongoing, and the healthcare fintech firm has yet to determine the full impact of the incident.
“The Company does not currently believe the incident will have a material adverse effect on its business, operations, or financial results,” the Form 8-K continues. “The Company believes it holds adequate cybersecurity insurance for this incident and will also be seeking recourse from the partner.”
Which threat actor? doe anyone knows? I didn't find anything.
