HealthEquity Data Breach – 23000 Users’ Data Compromised

While hunting for user’s data, cyber criminals found another website worth hacking. This time, they targeted a US-based health savings company HealthEquity. Consequently the firm suffered a data breach affecting 23,000 individuals. However, the HealthEquity data breach was successfully remedied within two days of its occurrence.

HealthEquity Data Breach Affected 23K Customer Accounts

As reported on June 13, 2018, HealthEquity, a known US-based savings firm suffered a data breach two months ago. This HealthEquity data breach took place on April 11, 2018. Two days later, the officials discovered that someone was accessing the email account of a single employee from HealthEquity.

Soon after discovering, the officials suspended the account and began investigating the matter. The investigations revealed compromise of data of around 23000 individuals. Predominantly, it belonged to two Michigan-based companies working with HealthEquity. The compromised data included names of employees and employers, HealthEquity member IDs, healthcare account details, deduction amounts, and social security numbers of the employees.

No Other HealthEquity Systems Affected

Right after the incident, the company began forensic investigations to find the extent of the breach. Fortunately, all other HealthEquity systems remain secured from the incidence.

After the data breach, HealthEquity offered five years of credit monitoring and identity theft protection services to the affected companies. In this regard, Joel Johnson, Senior Vice President Audit & Risk Management says that HealthEquity cares about the security of its customers.

“That is a long time to provide credit monitoring and identity protection, as most organizations offering protection offer one year, with some providing two years. But HealthEquity wants its customers to know that their well-being is paramount.”

Tim Erlin, Vice President Product Management & Strategy at Tripwire says that healthcare sector is becoming prone to cyber attacks owing to the ‘highly valuable’ information it stores. He also appreciates the vigilance of HealthEquity to discover the data breach within two days.

“The fact that this breach was detected two days after it occurred is notable and a sign that HealthEquity was paying attention.”

HealthEquity is a non-bank health savings company based in Draper, UT. The company holds data of around 3.4 million accounts as disclosed on their website. These include Health Savings Accounts (HSA), 401(k) Retirement accounts, and Flexible Spending Accounts (FSA) along with other services for about 40,000 companies.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients