Tuesday, health tech services provider HealthEquity disclosed a causa di a filing with federal regulators that it had suffered a giorno breach, a causa di which hackers stole the “protected health information” of some customers.
Durante an 8-K filing with the SEC, the company said it detected “anomalous behavior by a personal use device belonging to a business compagno,” and concluded that the compagno’s account had been compromised by someone who then used the account to access members’ information.
Wednesday, HealthEquity disclosed more details of the incident with TechCrunch. HealthEquity spokesperson Amy Cerny said a causa di an email that this was “an isolated incident” that is not connected to other recent breaches, such as that of Change Healthcare, owned by the healthcare giant UnitedHealth. Durante May, UnitedHealth CEO Andrew Witty said a causa di a House hearing that the breach affected “maybe a third” of all Americans.
HealthEquity detected the breach acceso March 25, when it “took immediate action, resolved the issue, and began extensive giorno forensics, which were completed acceso June 10.” The company brought together “a team of outside and internal experts to investigate and prepare for response.” The investigations determined that the breach was to the compromised third-party vendor account having access to “some of HealthEquity’s SharePoint giorno,” according to Cerny.
Contact Us
Do you have more information about this HealthEquity breach? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely acceso Signal at +1 917 257 1382, altrove Telegram, Keybase and Wire @lorenzofb, email. You also can contact TechCrunch altrove SecureDrop.
SharePoint is a set of Microsoft tools that allows companies to create websites, as well as store and share internal information — essentially an intranet.
Cerny also said that “transactional systems, where integrations occur, were not impacted,” and that the company is notifying partners, clients and members, and has been working with law enforcement as well as experts to work acceso preventing future incidents.
TechCrunch asked Cerny to specify what personally identifiable and “protected health” information was stolen a causa di this breach, how many people have been affected and what compagno was involved. Cerny declined to answer all of these questions.
Earlier this year, HealthEquity reported that the company and its subsidiaries “administer HSAs and other CDBs for our more than 15 million accounts a causa di partnership with employers, benefits advisers, and health and retirement plan providers.”
