Healthcare supplier HealthEquity disclosed in a submitting with federal regulators on Tuesday that it was hit by a knowledge breach by which hackers stole “protected well being data” about some prospects.
In an 8-Ok submitting with the SEC, the corporate mentioned it found “anomalous habits on a private machine belonging to a enterprise affiliate” and concluded that the affiliate’s account had been compromised by somebody who then used the account to entry members’ data.
HealthEquity revealed extra particulars in regards to the incident to TechCrunch on Wednesday. HealthEquity spokeswoman Amy Cerny mentioned in an electronic mail that it was an “remoted incident” unrelated to different latest breaches equivalent to Change Healthcare, which is owned by well being care large UnitedHealth. In Might, UnitedHealth CEO Andrew Whitty informed a Home listening to that the breach affected “maybe a 3rd” of all Individuals.
HealthEquity found the breach on March 25 when it “took fast motion to resolve the problem and commenced an in depth information examination that was accomplished on June 10.” The corporate assembled “a staff of exterior and inner consultants to analyze and put together to reply.” In line with Cerny, the investigation decided that the breach was associated to a compromised third-party vendor’s account accessing “some SharePoint HealthEquity information.”
Contact us
Do you’ve extra details about this HealthEquity breach? From a non-working machine, you’ll be able to safely contact Lorenzo Franceschi-Biccherai on Sign at +1 917 257 1382, by way of Telegram, Keybase and Wire @lorenzofb, or by electronic mail. You too can contact TechCrunch by way of SecureDrop.
SharePoint is a set of Microsoft instruments that enables firms to create web sites and retailer and share data internally – primarily an intranet.
Czerny additionally mentioned that “the transactional programs the place the integrations happen weren’t affected” and that the corporate is notifying companions, prospects and individuals and is working with legislation enforcement and consultants to work to forestall future incidents.
TechCrunch requested Cherny to make clear what personally identifiable data and “protected well being” data was stolen within the breach, how many individuals have been affected and which companion was concerned. Cerny refused to reply all these questions.
HealthEquity reported earlier this yr that the corporate and its subsidiaries “handle HSAs and different CDBs for our greater than 15 million accounts in partnership with employers, advantages consultants and well being and retirement plan suppliers.”
