HealthEquity, a provider of health tech services, reported a data breach to federal regulators,
revealing that hackers had stolen some customers protected health information.
The company disclosed a data breach attributing it to unusual activity detected on a device
associated with a business partner. An investigation revealed that the partner’s account had
been compromised, allowing hackers to infiltrate Health Equity’s systems and steal protected
health information (PHI) from some customers. This breached data included personally
identifiable information (PII), raising significant concerns due to its sensitive nature.
One spokesperson Amy Cerny stated that the breach, detected on March 25, was promptly
managed. Immediate measures were taken to contain the incident, and a thorough forensic
investigation, completed on June 10, revealed that hackers had exploited a third-party
vendor’s access to HealthEquity’s SharePoint data.
In response to the data breach, Company assembled a team of internal and external experts to
thoroughly investigate the incident ,informed law enforcement agencies, demonstrating their
commitment to transparency and proactively informed potentially affected partners, clients,
and members about the breach. However, they have been discreet about the specifics of the
compromised data and the number of impacted individuals.