Application security, Malware, Phishing

HealthEquity breach exposes PII of 23,000 customers

About 23,000 accounts have been compromised by a data breach that took place at HealthEquity when an employee fell for a phishing scam.

The incident took place on April 11 and was first noticed by the company two days later, reported and stems from a single staffer email account being compromised by a malicious actor. That email account has been eliminated and a forensic investigation is now underway. Health Data Management is stating no other HealthEquity systems were affected.

"HealthEquity is committed to protecting the privacy of our employers and members, and we sincerely regret this recent event. In response to this incident, we have implemented enhanced security measures, heightened monitoring of impacted accounts and provided additional training for our team members. While we have no evidence to indicate actual or attempted misuse of information, we are offering free identity theft and credit monitoring services to impacted individuals," Joel Johnson, HealthEquity's senior VP of Audit and risk management, told SC Media.

The exposed information included employee names, HealthEquity member IDs, employer names, HealthEquity employer IDs, deduction amounts and Social Security numbers for some employees in the two Michigan-based companies that first reported being affected by the breach.

"The biggest risk for those affected is identity theft, given that social security numbers were compromised. HealthEquity seems to realize this fact, and as offered identity theft monitoring services in addition to the usual credit monitoring. The fact that this breach was detected 2 days after it occurred is notable, and a sign that HealthEquity was paying attention,” said Tim Erlin, Tripwire's VP of product management and strategy.

The Utah-based company manages health savings accounts, flexible savings accounts, 401(k) accounts and health reimbursement arrangements for about 40,000 companies."

"One tip for organizations is to treat their IT security as they would physical security—that is, installing privileged access controls to that they're only granting access to exactly what the user needs within the network, and closing off areas that they aren't permitted to access," recommended Sam Elliott, Bomgar's director of security product management.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.