Health Savings Account (HSA) provider HealthEquity experienced a massive data breach that put the information of over 4.3 million Americans at risk.
The company, which specializes in offering HSAs, Flexible Spending Accounts (FSAs), Health Reimbursement Arrangements (HRAs) and 401(k) retirement plans, confirmed that threat actors used compromised credentials of partners to steal sensitive health data.
This includes your name, home address, phone number, employer and employee ID, and social security number.
What you need to know about the HealthEquity data breach
HealthEquity confirmed that it suffered a data breach that exposed the personal information of millions of Americans. In an 8-K filing, the company revealed on July 2 that hackers had accessed this sensitive health data using compromised credentials of one of its partners.
HealthEquity noticed the anomaly in its systems on March 25, and the investigation continued until June 10. The company’s data breach notice stated:
“We discovered unauthorized access and potential exposure of protected health information and/or personally identifiable information stored in unstructured data repositories outside of our core systems. After reviewing the data on June 26, 2024, we unfortunately determined that some of our customers’ personal information was implicated.”
In terms of notification, the company said the process of notifying both business and individual customers is ongoing. Affected individuals will be notified via mail or email based on their account communication preferences.
According to the company, the affected data was account and benefit enrollment information managed by the company. The data may include one or more categories of information, such as first name, last name, address, phone number, employee ID, employer, Social Security number, health insurance card number, health plan member number, dependent information (general contact information only), HealthEquity benefit type, diagnosis, prescription details, payment card information (not including payment card numbers), and HealthEquity account type. Not all data categories for all members were affected.
HealthEquity says it is not aware of any misuse or attempted misuse of information as a result of this incident to date. We reached out to HealthEquity, and a company representative provided CyberGuy with the following statement:
“The entire Purple Team has been committed to educating, assisting and supporting our partners, clients and members throughout this incident. Since first discovering the anomaly with our third-party vendor, we have taken swift, proactive and deliberate action, including quickly resolving the issue, assembling a team of external and internal experts to investigate, and preparing our response.”
“In addition, we have filed a formal notice with the Securities and Exchange Commission. While this is not required, it demonstrates our concern and commitment to transparent communication. We regret any inconvenience caused by this incident and are taking steps to minimize disruption and prevent this from happening in the future. Notification to partners and clients is currently in progress and we appreciate the professionalism and understanding we have received to date.”
How is HealthEquity responding to the data breach?
HealthEquity says it has secured affected data repositories. Vendor user accounts with access to online data storage locations were compromised, allowing hackers to access data stored at those locations. HealthEquity disabled all potentially compromised vendor accounts, terminated all active sessions, and blocked all IP addresses associated with the threat actor’s activity. It also conducted a global password reset for affected vendors.
The HSA provider has also arranged credit and identity monitoring, insurance and restoration services for those affected, which are available free of charge for two years through Equifax.
8 steps to protect yourself from a data breach
If you believe you have been affected by this data breach, please follow these steps to protect your personal data and privacy:
1. Invest in identity theft protection: If you are the victim of a data breach, scammers may try to impersonate you to access your personal information, and the best thing you can do to protect yourself from this type of scam is to subscribe to an identity theft service.
Identity theft companies monitor personal information like Social Security numbers (SSNs), phone numbers, and email addresses to alert you if it’s being sold on the dark web or used to open accounts. They can also help you freeze bank and credit card accounts to prevent further fraud by criminals. Check out our tips and best choices for protecting yourself against identity theft.
2. Invest in removal services: Investing in a removal service can be beneficial, especially after a data breach like the one HealthEquity recently experienced. While no service promises to remove all your data from the internet, a removal service can be useful if you want to constantly monitor and automate the process of continually removing information from hundreds of sites over a long period of time.
3. Issue a fraud alert: Contact one of the big three credit reporting agencies (Equifax, Experian, or TransUnion) and ask them to place a fraud alert on your credit file. This will make it harder for identity thieves to open new accounts in your name without verification.
4. Beware of phishing scams: Be wary of emails, phone calls, and messages from unknown sources asking for personal information. Don’t click on suspicious links or provide sensitive information unless you can verify the legitimacy of the request.
The best way to protect yourself from clicking on malicious links that install malware that can access your personal information is to have antivirus protection installed on all your devices, which will also alert you to phishing emails and ransomware scams. Get my picks for the winners of the best antivirus protection of 2024 for Windows, Mac, Android and iOS devices.
5. Check your Social Security benefits: Regularly check your Social Security benefits to make sure they haven’t been tampered with or altered. Doing so protects your financial security and helps prevent potential fraud.
6. Change your password: You can render a stolen password useless to a thief by simply changing it. Choose a strong password that you don’t use anywhere else. Even better, use a password manager to generate one automatically.
7. Be careful with mailbox communication: Bad actors can also commit mail fraud. Data leaks give them access to your address. They can impersonate people or brands you know and use themes that require urgent action, such as delivery delays, account suspensions, and security alerts.
8. Contact the Federal Trade Commission: If you notice any unauthorized transactions on any of your financial accounts, immediately notify the appropriate payment card company or financial institution. If you discover any identity theft or fraudulent activity, immediately contact your local law enforcement agency, your state Attorney General, your local financial institution, and the Federal Trade Commission.
Kurt’s key takeaways
The HealthEquity data breach highlights the need for strong cybersecurity measures, especially when it comes to protecting personal and health information. If you were affected by this breach, it’s important to take action. Monitor your accounts and personal information for any unusual activity. Remaining vigilant will help protect you from identity theft and financial fraud.
Are you confident about the measures HealthEquity will take to protect your data going forward? Contact us below. Cyberguy.com/Contact Us
Copyright 2024 CyberGuy.com. All Rights Reserved.