HealthEquity, a fintech company operating in the healthcare sector, was the victim of a data breach due to the compromise of a partner’s account which allowed cybercriminals to access HealthEquity’s IT systems and steal protected health information.
The company identified the compromise of their IT systems after detecting strange behavior on the partner’s device. Upon discovering the breach, HealthEquity began investigating the incident and found that the hack was accomplished by exploiting the partner’s account, which was hijacked to access HealthEquity’s systems.
The company, which manages millions of HSA, FSA, HRA, and other retirement accounts, did not disclose the exact impact of the breach but notified the people affected.
To mitigate the effects of this attack, HealthEquity offered free credit monitoring and identity restoration services to its customers to reduce the risk of exposed people.
The company’s internal investigation found no evidence that malware was downloaded onto their systems and that no technical outages occurred.
July 3, 2024
