HealthEquity hit by data breach affecting 23,000 employees and customers

A firm that handles millions of health savings accounts - HealthEquity - has reportedly suffered a data breach. The attack was perpetrated by hackers who managed to compromise the email account of a HealthEquity employee and access certain data that allowed for more information to be stolen.

The compromised data includes HealthEquity member IDs as well as their employers’ names and HealthEquity member IDs. The hackers also made away with various healthcare accounts, social security numbers and more.

The attack occurred on April 11 and was discovered two days later by the firm, Health Data Management reported. HealthEquity reportedly removed access to the hacked employee’s email account upon discovering the attack. The firm also engaged the services of a forensics firm who allegedly confirmed that all other HealthEquity systems remained unaffected by the attack.

Around 23,000 users have been affected by the breach including two companies in Michigan that are clients of HealthEquity. These two firms have been offered five years of credit monitoring and identity theft protection services by HealthEquity.

The company handles the health savings accounts of nearly 3.4 million individuals. HealthEquity also manages 401(k) accounts, flexible spending accounts and health reimbursement arrangements.

“The healthcare industry is a growing target for cyber-attacks because of the highly valuable information stored within these organizations," Tim Erlin VP of product management and strategy at Tripwire told Infosecurity Magazine. “The biggest risk for those affected is identity theft, given that Social security numbers were compromised. HealthEquity seems to realize this fact and as offered identity theft monitoring services in addition to the usual credit monitoring. The fact that this breach was detected two days after it occurred is notable and a sign that HealthEquity was paying attention.”