\n<\/p>\n
On Tuesday, health tech services provider HealthEquity disclosed in a filing with federal regulators that it had suffered a data breach, in which hackers stole the \u201cprotected health information\u201d of some customers.\u00a0<\/p>\n
In an 8-K filing with the SEC<\/a>, the company said it detected \u201canomalous behavior by a personal use device belonging to a business partner,\u201d and concluded that the partner\u2019s account had been compromised by someone who then used the account to access members\u2019 information.<\/p>\n On Wednesday, HealthEquity disclosed more details of the incident with TechCrunch. HealthEquity spokesperson Amy Cerny said in an email that this was \u201can isolated incident\u201d that is not connected to other recent breaches, such as that of Change Healthcare<\/a>, owned by the healthcare giant UnitedHealth. In May, UnitedHealth CEO Andrew Witty said in a House hearing that the breach affected \u201cmaybe a third\u201d of all Americans<\/a>.<\/p>\n HealthEquity detected the breach on March 25, when it \u201ctook immediate action, resolved the issue, and began extensive data forensics, which were completed on June 10.\u201d The company brought together \u201ca team of outside and internal experts to investigate and prepare for response.\u201d The investigations determined that the breach was due to the compromised third-party vendor account having access to \u201csome of HealthEquity\u2019s SharePoint data,\u201d according to Cerny.<\/p>\n \t\tDo you have more information about this HealthEquity breach? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase and Wire @lorenzofb, or email<\/a>.<\/a> You also can contact TechCrunch via SecureDrop<\/a>.\t<\/div>\n SharePoint<\/a> is a set of Microsoft tools that allows companies to create websites, as well as store and share internal information \u2014 essentially an intranet<\/a>.<\/p>\n Cerny also said that \u201ctransactional systems, where integrations occur, were not impacted,\u201d and that the company is notifying partners, clients and members, and has been working with law enforcement as well as experts to work on preventing future incidents.\u00a0<\/p>\n TechCrunch asked Cerny to specify what personally identifiable and \u201cprotected health\u201d information was stolen in this breach, how many people have been affected and what partner was involved. Cerny declined to answer all of these questions.\u00a0<\/p>\nContact Us<\/h4>\n