Health Equity Breach Compromised 23,000

By:  |  Category: Blog, Security Wednesday, June 27th, 2018  |  No Comments
Health Equity Breach

Sometimes it feels like companies are handing out credit monitoring like candy. After your personal data has been compromised the credit monitoring “gift” is your consolation prize.

The next company to fall into the hands of hackers this week was Health Equity-a company that manages millions (3.4 to be exact) of health savings accounts (HSAs). Two months ago, Health Equity fell to a data breach where the information of 23,000 clients was compromised.

The hackers got in through the email account of a Health Equity employee on April 11th. Only two days later, the breach was discovered, and the Utah-based company immediately deleted the mailbox and reached out to a forensics firm. HealthEquity is offering five years of credit monitoring and identity theft protection in response to the incident.

According to Health Data Management, the information compromised through the hacked email account included names of members, member IDs, names of their employers and their employers’ HealthEquity IDs. Also included were records of healthcare accounts, deduction amounts and Social Security numbers for some Michigan employees.

“The healthcare industry is a growing target for cyber-attacks because of the highly valuable information stored within these organizations,” said Tim Erlin, VP product management and strategy, Tripwire.

“The biggest risk for those affected is identity theft, given that Social ecurity numbers were compromised,” Erlin continued. “HealthEquity seems to realize this fact and as offered identity theft monitoring services in addition to the usual credit monitoring. The fact that this breach was detected two days after it occurred is notable and a sign that HealthEquity was paying attention.”

Cyware reported on June 15th, “One of the many troubling trends in dark web black markets is the buying and selling of PHI – protected health information. PHI typically includes social security numbers, dates of birth, names of relatives, medical procedures and results, and in some cases billing and financial information or background information such as criminal records. While posts about exploitation of medical information systems and stolen patient information are quite common, we are still sometimes surprised by certain alarming posts….

There is a dark web market vendor selling data acquired from pediatricians’ databases to fraudsters who might be interested. Selling stolen health information is only one of the things hackers do on the dark web. Healthcare systems store some of the most sensitive and private information about us, and this information is exposed to a wide range of cyber-attacks on a huge attack surface, stretching from servers that store patient data in bulk, through nursing-station desktops, to a variety of connected medical devices.”

“The fact that healthcare providers’ databases can be hacked, dumped and sold to the highest bidder (with the lowest morals), is quite troubling,” a report by Cynero states. “Healthcare systems store some of the most sensitive and private information about us, and this information is exposed to a wide range of cyber-attacks on a huge attack surface.”

If you need assistance with a comprehensive cybersecurity network solution give EnhancedTECH a call at 714-970-9330 or contact us at [email protected]

Leave a Comment
Read previous post:
Risky Domains

It's your business what you search for on the net, but it's our business to try and keep you from...