On Tuesday, well being tech companies supplier HealthEquity disclosed in a submitting with federal regulators that it had suffered an information breach, wherein hackers stole the “protected health information” of some prospects.
In an 8-Okay submitting with the SEC, the corporate stated it detected “anomalous behavior by a personal use device belonging to a business partner,” and concluded that the accomplice’s account had been compromised by somebody who then used the account to entry members’ data.
On Wednesday, HealthEquity disclosed extra particulars of the incident with TechCrunch. HealthEquity spokesperson Amy Cerny stated in an e mail that this was “an isolated incident” that isn’t related to different current breaches, akin to that of Change Healthcare, owned by the healthcare large UnitedHealth. In May, UnitedHealth CEO Andrew Witty stated in a House listening to that the breach affected “maybe a third” of all Americans.
HealthEquity detected the breach on March 25, when it “took immediate action, resolved the issue, and began extensive data forensics, which were completed on June 10.” The firm introduced collectively “a team of outside and internal experts to investigate and prepare for response.” The investigations decided that the breach was because of the compromised third-party vendor account gaining access to “some of HealthEquity’s SharePoint data,” based on Cerny.
Contact Us
Do you might have extra details about this HealthEquity breach? From a non-work gadget, you may contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or by way of Telegram, Keybase and Wire @lorenzofb, or e mail. You can also contact TechCrunch by way of SecureDrop.
SharePoint is a set of Microsoft instruments that enables corporations to create web sites, in addition to retailer and share inside data — basically an intranet.
Cerny additionally stated that “transactional systems, where integrations occur, were not impacted,” and that the corporate is notifying companions, purchasers and members, and has been working with regulation enforcement in addition to specialists to work on stopping future incidents.
TechCrunch requested Cerny to specify what personally identifiable and “protected health” data was stolen on this breach, how many individuals have been affected and what accomplice was concerned. Cerny declined to reply all of those questions.
Earlier this 12 months, HealthEquity reported that the corporate and its subsidiaries “administer HSAs and other CDBs for our more than 15 million accounts in partnership with employers, benefits advisers, and health and retirement plan providers.”
