close
close

4.3 million Americans exposed in massive health savings account data breach

Posted on by darion

Join Fox News to access this content

You have reached your maximum number of articles. Log in or create a FREE account to continue reading.

By entering your email address and clicking Continue, you agree to the Fox News Terms of Use and Privacy Policy, which includes our Financial Incentive Notice.

Please enter a valid email address.

Got a problem? Click here.

Health savings account (HSA) provider HealthEquity has suffered a major data breach that put the information of more than 4.3 million Americans at risk.

The company, which specializes in providing HSAs, flexible spending accounts (FSAs), health reimbursement plans (HRAs) and 401(k) retirement plans, confirmed that attackers stole sensitive health data by using a partner’s compromised credentials.

This includes full names, home addresses, phone numbers, employer and employee IDs, Social Security numbers, and more.

GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR THE KURTA NEWSLETTER – CYBERGUY REPORT HERE

data breach 1

Illustration of a hacker at work. (Kurt “CyberGuy” Knutsson)

What You Need to Know About the HealthEquity Data Breach

HealthEquity has confirmed that it has been the victim of a data breach that compromised the personal information of millions of Americans. In a July 2 Form 8-K filing, the company disclosed that hackers gained access to that sensitive medical data after using a partner’s compromised credentials.

HealthEquity learned of the systems anomaly on March 25, and the investigation continued through June 10. The company’s data breach notice reads:

“We discovered some unauthorized access and potential disclosure of protected health information and/or personal data stored in an unstructured data repository outside of our core systems. On June 26, 2024, after reviewing the data, we unfortunately determined that some of your personal data was involved.”

When it comes to notifications, the company tells us that the process of notifying customers — both businesses and individuals — is ongoing. Affected individuals will receive a notification via mail or email based on the communication preferences in their account.

The company says the affected data is account and benefit registration information it administers. The data may include information from one or more of the following categories: name, address, phone number, employee ID, employer, Social Security number, health card number, health plan member number, dependent information (general contact information only), HealthEquity benefit type, diagnoses, prescription details, payment card information (but not payment card number), and/or HealthEquity account type. Not all categories of data were affected for every member.

HealthEquity says it is unaware of any actual or attempted misuse of information due to this incident to date. We contacted HealthEquity, and a company representative provided CyberGuy with this statement:

“The entire Purple Team is committed to educating, assisting, and supporting our partners, customers, and members in light of this incident. We took immediate, proactive, and cautious action from the time we first discovered the anomaly with our third-party vendor. This included quickly resolving the issue, assembling a team of external and internal experts to investigate, and preparing for a response.

“In addition, we have filed a formal notification with the Securities and Exchange Commission, which was not required but reflects our concerns and commitment to transparent communication. We apologize for the inconvenience this incident has caused and are working to minimize disruptions and take steps to prevent this from happening in the future. Partner and customer notifications are ongoing and we appreciate the professionalism and understanding we have experienced to date.”

HOW TO REMOVE YOUR PRIVATE DATA FROM THE INTERNET

data breach 2

Illustration of hackers at work. (Kurt “CyberGuy” Knutsson)

HERE’S WHAT RUTHLESS HACKERS STOLEN FROM 110 MILLION AT&T CUSTOMERS

What actions is HealthEquity taking in response to the data breach?

HealthEquity says it has secured the affected data repository. The vendor’s user accounts that had access to the online data storage location were compromised, allowing hackers to access data stored in that location. HealthEquity has disabled all potentially compromised vendor accounts, terminated all active sessions, and blocked all IP addresses associated with the threat entity’s business. The company has also implemented a global password reset for the affected vendor.

The HSA provider has also arranged for credit identity monitoring, insurance and restoration services for those affected. These services will be available for two years, free of charge, through Equifax.

CLICK HERE FOR MORE US NEWS

data breach 3

Illustration of a hacker. (Kurt “CyberGuy” Knutsson)

WORLD’S LARGEST DATABASE OF STOLEN PASSWORDS SHARED ON CRIMINAL FORUM

8 Precautions You Should Take to Protect Yourself from a Data Breach

If you suspect you have been a victim of this data breach, please follow the steps below to protect your personal information and privacy.

1. Invest in identity theft protection: If you have been the victim of a data breach, scammers may try to impersonate you in order to gain access to your private information. The best thing you can do to protect yourself from this type of fraud is to sign up for an identity theft protection service.

Identity theft companies can monitor personal information such as your Social Security number (SSN), phone number, and email address, and notify you if it is being sold on the dark web or used to open an account. They can also help you freeze your bank accounts and credit cards to prevent further unauthorized use by criminals. See my tips and top ideas on how to protect yourself from identity theft.

2. Invest in moving services: Investing in a removal service is beneficial, especially in the wake of data breaches like the recent one HealthEquity experienced. While no service promises to remove all of your data from the Internet, having a removal service is great if you want to constantly monitor and automate the process of removing information from hundreds of sites continuously over an extended period of time. Check out my top picks for data deletion services here.

3. Place a fraud warning: Contact one of the three major credit reporting agencies (Equifax, Experian, or TransUnion) and ask them to place a fraud alert on your credit file. This will make it harder for identity thieves to open new accounts in your name without verification.

4. Be careful with phishing attempts: Be wary of emails, phone calls, or messages from unknown sources that ask for personal information. Avoid clicking on suspicious links or providing sensitive information unless you can verify the legitimacy of the request.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

The best way to protect yourself from clicking on malicious links that install malware that can access your private information is to install antivirus protection on all your devices. It can also alert you to any phishing emails or ransomware scams Check out my picks for the best antivirus protection in 2024 for Windows, Mac, Android, and iOS devices.

5. Check your social security benefits: It is important to check your Social Security benefits periodically to make sure they have not been changed or altered in any way. This is to protect your financial security and prevent potential fraud.

6. Change your password: You can make a stolen password useless to thieves by simply changing it. Choose a strong password—one that you don’t use anywhere else. Furthermore, consider allowing password manager generate it for yourself.

7. Be careful with messages sent through your email box: Malicious actors may also try to scam you using snail mail. A data breach gives them access to your address. They may impersonate people or brands you know and use topics that require urgent attention, such as missed deliveries, account suspensions, and security alerts.

8. Contact the U.S. Federal Trade Commission: If you discover any unauthorized transactions on any of your financial accounts, you should immediately notify the appropriate card company or financial institution. If you discover any cases of identity theft or fraud, immediately report them to local law enforcement, your state attorney general, and the Federal Trade Commission.

PHARMACEUTICAL GIANT’S DATA BREACH EXPOSES SENSITIVE PATIENT INFORMATION

Kurt’s Key Takeaways

The HealthEquity data breach highlights the need for strong cybersecurity practices, especially when it comes to protecting personal and health information. If you have been affected by this breach, it is important to take action. Monitor your accounts and personal information for any unusual activity. Staying vigilant can help protect you from identity theft and financial fraud.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Are you confident that HealthEquity is taking steps to protect your information in the future? Let us know by writing to us at Cyberguy.com/Contact

For more tech tips and security alerts, sign up for my free CyberGuy Report newsletter by going to Cyberguy.com/Newsletter

Ask Kurt a question or let us know what stories you’d like us to cover.

Follow Kurt on his social channels:

Answers to CyberGuy’s most frequently asked questions:

Copyright 2024 CyberGuy.com. All rights reserved.