HealthEquity, a health tech services provider, revealed in a filing with federal regulators on Tuesday that it experienced a data breach where hackers accessed the “protected health information” of some customers.
According to an 8-K filing with the SEC, the company detected suspicious activity on a partner’s personal device, leading them to discover that the partner’s account had been compromised, allowing unauthorized access to member information.
In a follow-up with TechCrunch on Wednesday, HealthEquity clarified that this breach was an isolated incident not related to other recent breaches in the healthcare industry. The company responded promptly to the breach, initiating data forensics, and collaborating with external and internal experts to investigate and address the issue.
The breach, detected on March 25, involved a compromised third-party vendor account accessing some of HealthEquity’s SharePoint data, as stated by company spokesperson Amy Cerny.
Contact Us
Do you have more information about the HealthEquity breach? You can securely contact Lorenzo Franceschi-Bicchierai on Signal at +1 917 257 1382, or via Telegram, Keybase, and Wire @lorenzofb, or email. You can also reach out to TechCrunch via SecureDrop.
SharePoint, a suite of Microsoft tools, enables companies to create websites, store, and share internal information, functioning like an intranet.
Cerny reassured that the breach did not affect transactional systems and that HealthEquity is communicating with partners, clients, and members, while collaborating with authorities and experts to enhance security measures.
When asked about the specific data stolen, the number of affected individuals, and the involved partner, Cerny declined to provide further details in a response to TechCrunch.
Earlier this year, HealthEquity reported administering HSAs and other CDBs for over 15 million accounts in partnership with various organizations.
