Leading health and financial tech services company HealthEquity has been hacked. The organization made this known to federal regulators in a Tuesday, July 2, 2024 filing. As a result of the breach, the company said it lost “protected health information” of a number of customers.
After its investigation, HealthEquity was able to find out and reveal how it happened.
Who Is HealthEquity?
HealthEquity is a non-bank health savings trustee that came on board in 2014 with Jon Kessler as its founder. The organization is the custodian of all health savings accounts in all financial institutions.
As a health services account administrator, HealthEquity provides account holders with various healthcare account management solutions. Such products include a cloud-based platform to help account holders make spending and savings decisions, compare healthcare options, and receive customized clinical information.
The Health Data Breach Report
HealthEquity detected the security breach on March 25. Following detection, the organization launched remedial actions to contain the situation. Thereafter, they conducted a detailed analysis to determine what caused the breach.
The company also had to report the breach to the Securities and Exchange Commission (SEC). In the SEC filing, the company indicated the suspected source of the hack.
The Attack Came Through a Business Partner
HealthEquity stated in its report that it detected suspicious activity on a business partner’s device. According to the filing, hackers had compromised this device and gained access to confidential health information.
According to Amy Cerny, HealthEquity’s spokesperson, the breach was an “isolated incident” that had nothing to do with the slew of recent health data breaches that have made the news.
SharePoint Data
The company further disclosed that the compromise led to the theft of “some of HealthEquity’s SharePoint data.”
SharePoint is a set of tools designed by Microsoft. This tool enables organizations to build websites and provides a platform for sharing and storing information. As soon as the hackers accessed HealthEquity’s systems, they invaded this information-sharing architecture.
ALSO READ: Health Benefits of Carrots According to Nutritionists
What Sort of Information Could the Hackers Have Accessed?
The breach may have exposed some information, including first and last names and dates of birth. Other information includes medical record numbers, diagnoses, prescription information, health insurance information, financial information, and, alarmingly, Social Security numbers.
According to the company’s statement, “Affected individuals may have been impacted differently, and not all of the listed elements were present for each individual.”
Managing the Damage
Cerny disclosed that the organization took proactive steps to reach out to affected partners and clients about the issue. They opened up to these affected persons and, of course, assured them of their commitment to dealing with the issue.
However, HealthEquity has declined to state the exact number of affected people and has avoided providing more specific details about the incident.
How Many Accounts Could Be Involved?
To get a glimpse into the possible number of personal records that the data breach could have affected, let us see how large HealthEquity is.
Earlier in the year, HealthEquity told the public that its branches “Administer HSAs and other CDBs (Consumer Directed Benefits) for our more than 15 million accounts.” This means that millions, if not tens of millions, of accounts could potentially have been compromised.
This Wasn’t the First Incident
In June 2024, news broke that HealthEquity had suffered a cyber attack. A hacker used a phishing email to gain access to and steal the login credentials of 53 public health employees.
Unfortunately, this incident put the personal information of over 200,000 Los Angeles County residents at potential risk. Like this one, HealthEquity doesn’t believe it will affect its operations as the attack didn’t happen on the organization’s infrastructure.
ALSO READ: Massive Healthcare Breach Exposes Data of One-Third of Americans
The Worrying Frequency of Health Data Breaches
Aside from finance-leaning organizations such as HealthEquity, data compromise has been a major issue among mainstream health service providers. According to the Department of Health and Human Services, in the first half of 2024 alone, there were at least 341 reported data breaches, which affected over 31 million Americans.
In fact, federal records also show that from 2010 to 2022, health data breaches exposed over 385 million patient records.
Healthcare Data Breaches of 2024
Change Healthcare, a subsidiary of UnitedHealth Group, and Ascension suffered some of the biggest data hacks in 2024. Change Healthcare found out about the breach in February, while Ascension suffered its attack in May.
The exact number of data casualties is still unknown. However, Change Healthcare says the number of affected persons “could cover a substantial portion of people in America.”
Why Are Health-Related Organizations Especially Vulnerable?
Is there a reason why health data breaches are prominent? Wes Wright, Ordr. Incorporated’s Chief Healthcare Officer has provided a convincing reason.
He disclosed that healthcare data services providers are especially prone to attacks due to the large number of digital health records. He also reserved some blame for organizations he believes haven’t been thorough in their data storage practices.
You Might Also Like:
90s Music Legend Shifty Shellshock Dies at 49
Health Benefits of Carrots According to Nutritionists
Adult Film Actress Accuses Sean Diddy Combs of sexual assault and Sex Trafficking
Karen & Deon Derrico Divorce After Moving to Their Dream House
Alex Jones’s Infowars Media Platform to be Shut Down Amid Settlement Debt
