4.3 Million Impacted by HealthEquity Data Breach

Share This Post

HealthEquity is notifying 4.3 million individuals that their personal and health information was compromised in a data breach at a third-party vendor.

The incident, the company said in a regulatory filing with the Maine Attorney General’s Office, was identified on March 25 and required an “extensive technical investigation”.

“Through this work, we discovered some unauthorized access to and potential disclosure of protected health information and/or personally identifiable information stored in an unstructured data repository outside our core systems,” HealthEquity said.

According to the company, the data was exposed after attackers compromised a vendor’s user accounts that had access to the online repository, gaining access to the information stored there.

“We took immediate actions including disabling all potentially compromised vendor accounts and terminating all active sessions; blocking all IP addresses associated with threat actor activity; and implementing a global password reset for the impacted vendor,” the company said.

Depending on the individual, the impacted personally identifiable information (PII) and protected health information (PHI) may include name, address, phone number, Social Security number, employee ID, employer, dependent information, and payment card information.

HealthEquity also said that the compromised data mainly included sign-up information for the accounts and benefits it administers.

The company did not name the compromised vendor, but told the Maine AGO that it will mail notification letters to roughly 4.3 million people starting August 9.

Advertisement. Scroll to continue reading.

HealthEquity is providing the impacted individuals with two years of free credit identity monitoring, insurance, and restoration services and is encouraging them to monitor their accounts for suspicious activity.

“We are not aware of any actual or attempted misuse of information because of this incident to date,” the company said.

Related: 57,000 Patients Impacted by Michigan Medicine Data Breach

Related: MediSecure Data Breach Impacts 12.9 Million Individuals

Related: MarineMax Notifying 123,000 of Data Breach Following Ransomware Attack

Related: MNGI Digestive Health Data Breach Impacts 765,000 Individuals

This post was originally published on this site

More Articles

Article

Navigating SEC Regulations In Cybersecurity And Incident Response

Free video resource for cybersecurity professionals. As 2024 approaches, we all know how vital it is to keep up to date with regulatory changes that affect our work. We get it – it’s a lot to juggle, especially when you’re in the trenches working on an investigation, handling, and responding to incidents.