HealthEquity, a leading well-being technology company, notified federal regulators of a data breach on Tuesday, revealing that cyber attackers had compromised sensitive health information belonging to certain customers.
According to the corporation, an unusual activity was observed on a business partner’s private system, which indicated that their account had been compromised and subsequently used to access member data without authorization.
On Wednesday, HealthEquity publicly revealed additional details about the incident in an interview with TechCrunch. A spokesperson for HealthEquity, Amy Cerny, clarified in a statement that the breach was an isolated incident unrelated to other recent data breaches, with the company being owned by healthcare giant UnitedHealth. During a recent town hall meeting at UnitedHealth, CEO Stephen Hemsley noted
HealthEquity swiftly identified the breach on March 25, responding promptly by resolving the issue and initiating in-depth forensic analysis, which concluded on June 10. To mitigate potential fallout, the company assembled a multidisciplinary team comprising internal and external experts to research and prepare for the response. Investigation results revealed that the breach stemmed from unauthorized access to “some HealthEquity SharePoint data” via a compromised third-party vendor account, Cerny explained.
Contact Us
Were authorities notified promptly about the potential HealthEquity breach, considering sensitive medical and financial information was allegedly compromised? You can reach Lorenzo Franceschi-Bicchierai outside of work through secure channels: Sign at +1 917 257 1382, Telegram @lorenzofb, Keybase and Wire. Alternatively, you can also get in touch with TechCrunch.
Microsoft’s SharePoint is a suite of digital workplace tools that empowers organizations to craft websites, manage and disseminate internal information.
Cerny clarified that “transactional programs,” where integrations take place, were not affected by the incident, and noted that the company is proactively informing partners, customers, and members while collaborating with law enforcement and experts to prevent similar occurrences from happening in the future?
TechCrunch asked Cerny to clarify the nature of the compromised data, including any personally identifiable information and “protected wellness” details that were stolen as a result of this breach, the estimated number of people affected, and which partner company was impacted. Cerny refused to address each of these queries, declining further comment.
In the early stages of this year, our corporation, together with its subsidiaries, has been entrusted with the responsibility of administering HSAs (Health Savings Accounts) and other CDBs (Compliant Defined Benefit Plans) for over 15 million accounts in collaboration with employers, benefits advisors, and health and retirement plan providers.
