On Tuesday, health tech services provider HealthEquity disclosed in a filing with federal regulators that it had suffered a data breach, in which hackers stole the “protected health information” of some customers.
In an 8-K filing with the SEC, the company said it detected “anomalous behavior by a personal use device belonging to a business partner,” and concluded that the partner’s account had been compromised by someone who then used the account to access members’ information.
On Wednesday, HealthEquity disclosed more details of the incident with TechCrunch. HealthEquity spokesperson Amy Cerny said in an email that this was “an isolated incident” that is not connected to other recent breaches, such as that of Change Healthcare, owned by the healthcare giant UnitedHealth. In May, UnitedHealth CEO Andrew Witty said in a House hearing that the breach affected “maybe a third” of all Americans.
HealthEquity detected the breach on March 25, when it “took immediate action, resolved the issue, and began extensive data forensics, which were completed on June 10.” The company brought together “a team of outside and internal experts to investigate and prepare for response.” The investigations determined that the breach was due to the compromised third-party vendor account having access to “some of HealthEquity’s SharePoint data,” according to Cerny.
Contact Us
Do you have more information about this HealthEquity breach? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase and Wire @lorenzofb, or email. You also can contact TechCrunch via SecureDrop.
SharePoint is a set of Microsoft tools that allows companies to create websites, as well as store and share internal information — essentially an intranet.
Cerny also said that “transactional systems, where integrations occur, were not impacted,” and that the company is notifying partners, clients and members, and has been working with law enforcement as well as experts to work on preventing future incidents.
TechCrunch asked Cerny to specify what personally identifiable and “protected health” information was stolen in this breach, how many people have been affected and what partner was involved. Cerny declined to answer all of these questions.
Earlier this year, HealthEquity reported that the company and its subsidiaries “administer HSAs and other CDBs for our more than 15 million accounts in partnership with employers, benefits advisers, and health and retirement plan providers.”
Chinese marketplace DHgate becomes a top US app as trade war intensifies
The Trump trade war has gone viral on TikTok, pushing a Chinese e-commerce app, DHgate, to the top of the...
Hertz says customers’ personal data and driver’s licenses stolen in data breach
Car rental giant Hertz has begun notifying its customers of a data breach that included their personal information and driver’s...
OpenAI plans to phase out GPT-4.5, its largest-ever AI model, from its API
OpenAI said on Monday that it would soon wind down the availability of GPT-4.5, its largest-ever AI model, via its...
Google’s newest AI model is designed to help study dolphin ‘speech’
Google’s AI research lab, Google DeepMind, says that it has created an AI model that can help decipher dolphin vocalizations,...
