Healthcare fintech firm HealthEquity is warning that it suffered a data breach after a partner's account was compromised and used to access the Company's systems to steal protected health information.
The Company says it detected the compromise after detecting 'anomalous behavior' from a partner's personal device and launched an investigation into the incident.
The investigation revealed that the partner had been compromised by hackers who leveraged the hijacked account to gain unauthorized access to HealthEquity's systems and, later, exfiltrate sensitive health data.
HealthEquity specializes in providing health savings account services and other consumer-directed benefits solutions, including flexible spending accounts, health reimbursement arrangements, and 401(k) retirement plans.
It is one of the largest HSA custodians in the United States, managing millions of HSA, FSA, HRA, and other benefit accounts, and working with numerous employers and health plans.
The exact impact and number of people affected by the security incident haven't been disclosed, though HealthEquity says it has begun notifying impacted individuals.
The Company also promised to offer complimentary credit monitoring and identity restoration services to mitigate the risk for exposed people.
HealthEquity's internal investigation has not produced evidence that malware was dropped on its systems, and there have been no technical interruptions.
All business operations and services remain fully available.
The Company is currently evaluating the incident's impact and the cost of its response efforts but noted that it does not believe the incident will have a material effect on its business or financial results.
Sav-Rx discloses data breach impacting 2.8 million Americans.
Cencora data breach exposes US patient info from 11 drug companies.
WebTPA data breach impacts 2.4 million insurance policyholders.
MediSecure e-script firm hit by 'large-scale' ransomware data breach.
Infosys McCamish says LockBit stole data of 6 million people.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 03 Jul 2024 19:35:23 +0000