Major U.S. healthcare fintech firm HealthEquity has disclosed having some of its members' personally identifiable data and protected health information exfiltrated following the breach of an account belonging to a third-party business partner earlier this year, according to The Cyber Express.
Despite the theft of data from the partner's systems, operations at HealthEquity have continued as there has been no evidence suggesting additional systems compromise, said the firm in a filing with the U.S. Securities and Exchange Commission. No further information regarding the third-party breach was provided but a recent statement from the Kentucky Gov. Andy Beshear detailed a May notification from HealthEquity regarding fraudulent updates impacting nearly 450 Kentucky Employees' Health Plan members. "Immediately upon becoming aware of this potential fraud event, HealthEquity locked all affected member accounts, removed any unauthorized profile changes, and suspended the ability to edit account login information," said Beshear, who also noted HealthEquity's ongoing efforts to bolster accounts security.
