Leading health and financial tech services company HealthEquity has been hacked. The organization made this known to federal regulators in a Tuesday, July 2, 2024 filing. As a result of the breach, the company said it lost “protected health information” of a number of customers.
After its investigation, HealthEquity was able to find out and reveal how it happened.
Who Is HealthEquity?
HealthEquity is a non-bank health savings trustee that came on board in 2014 with Jon Kessler as its founder. The organization is the custodian of all health savings accounts in all financial institutions.
As a health services account administrator, HealthEquity provides account holders with various healthcare account management solutions. Such products include a cloud-based platform to help account holders make spending and savings decisions, compare healthcare options, and receive customized clinical information.
The Health Data Breach Report
HealthEquity detected the security breach on March 25. Following detection, the organization launched remedial actions to contain the situation. Thereafter, they conducted a detailed analysis to determine what caused the breach.
The company also had to report the breach to the Securities and Exchange Commission (SEC). In the SEC filing, the company indicated the suspected source of the hack.
ALSO READ: FBI Warns Against Russian Hackers Launching Stealthy Cyberattacks in the US
The Attack Came Through a Business Partner
HealthEquity stated in its report that it detected suspicious activity on a business partner’s device. According to the filing, hackers had compromised this device and gained access to confidential health information.
According to Amy Cerny, HealthEquity’s spokesperson, the breach was an “isolated incident” that had nothing to do with the slew of recent health data breaches that have made the news.
SharePoint Data
The company further disclosed that the compromise led to the theft of “some of HealthEquity’s SharePoint data.”
SharePoint is a set of tools designed by Microsoft. This tool enables organizations to build websites and provides a platform for sharing and storing information. As soon as the hackers accessed HealthEquity’s systems, they invaded this information-sharing architecture.
What Sort of Information Could the Hackers Have Accessed?
The breach may have exposed some information, including first and last names and dates of birth. Other information includes medical record numbers, diagnoses, prescription information, health insurance information, financial information, and, alarmingly, Social Security numbers.
According to the company’s statement, “Affected individuals may have been impacted differently, and not all of the listed elements were present for each individual.”
Managing the Damage
Cerny disclosed that the organization took proactive steps to reach out to affected partners and clients about the issue. They opened up to these affected persons and, of course, assured them of their commitment to dealing with the issue.
However, HealthEquity has declined to state the exact number of affected people and has avoided providing more specific details about the incident.
POLL—Should Laws Be Enacted To Protect LGBTQ+ Individuals From Workplace Discrimination?
How Many Accounts Could Be Involved?
To get a glimpse into the possible number of personal records that the data breach could have affected, let us see how large HealthEquity is.
Earlier in the year, HealthEquity told the public that its branches “Administer HSAs and other CDBs (Consumer Directed Benefits) for our more than 15 million accounts.” This means that millions, if not tens of millions, of accounts could potentially have been compromised.
This Wasn’t the First Incident
In June 2024, news broke that HealthEquity had suffered a cyber attack. A hacker used a phishing email to gain access to and steal the login credentials of 53 public health employees.
Unfortunately, this incident put the personal information of over 200,000 Los Angeles County residents at potential risk. Like this one, HealthEquity doesn’t believe it will affect its operations as the attack didn’t happen on the organization’s infrastructure.
The Worrying Frequency of Health Data Breaches
Aside from finance-leaning organizations such as HealthEquity, data compromise has been a major issue among mainstream health service providers. According to the Department of Health and Human Services, in the first half of 2024 alone, there were at least 341 reported data breaches, which affected over 31 million Americans.
In fact, federal records also show that from 2010 to 2022, health data breaches exposed over 385 million patient records.
WATCH: Catholic High School Set to Pay $1 Million to White Students It Expelled for “Blackface”
Healthcare Data Breaches of 2024
Change Healthcare, a subsidiary of UnitedHealth Group, and Ascension suffered some of the biggest data hacks in 2024. Change Healthcare found out about the breach in February, while Ascension suffered its attack in May.
The exact number of data casualties is still unknown. However, Change Healthcare says the number of affected persons “could cover a substantial portion of people in America.”
Why Are Health-Related Organizations Especially Vulnerable?
Is there a reason why health data breaches are prominent? Wes Wright, Ordr. Incorporated’s Chief Healthcare Officer has provided a convincing reason.
He disclosed that healthcare data services providers are especially prone to attacks due to the large number of digital health records. He also reserved some blame for organizations he believes haven’t been thorough in their data storage practices.
You Might Also Like:
Boeing Avoids Harsher Penalties, Pleads Guilty to Conspiracy Charge
“I’ve Been Silenced!” Bebe Rexha Rages Against the Music Industry
Kate Middleton’s Uncle Apologizes for Blasting Meghan Markle in Interview
Trump Narrows List of Potential Running Mates to Three
Gigi Hadid and Bradley Cooper’s Relationship Grows Stronger After Nine Months Together