Following Health Insurance Portability and Accountability Act (HIPAA) breach notification guidelines, non-bank health savings trustee company HealthEquity announced that a phishing attack led to a data breach that exposed the personal healthcare information (PHI) of an estimated 23,000 subscribers. While no other company systems were affected nor further misuse of information observed, the email account contained a spreadsheet with names, email addresses, employer names, HealthEquity member IDs, healthcare account types, deduction amounts, and Social Security numbers for some Michigan-based employees.
The security breach occurred on April 11, 2018, and the unauthorized access to the employee’s mailbox was discovered and blocked two days later. HealthEquity hired a third party forensics agency to investigate the depth of the breach and found that only one account was compromised and used to send phishing emails, but have yet to confirm if the spreadsheet containing the sensitive information was downloaded. Two unidentified companies who were confirmed affected by the breach have been notified, while individual customers are being informed and are urged to subscribe to an identity protection sponsored by the company. HealthEquity also assured subscribers that they will enhance internal email systems and security training for their employees. The Utah-based company serves as custodian to over 3.4 million health savings accounts, and handles flexible spending accounts, 401(k) and health reimbursement engagements for approximately 40,000 U.S.-based companies.
Malicious actors will continue to target the healthcare industry by exploiting system vulnerabilities and security abuses for profit. Make sure that valuable personal information is secured by following these steps:
Trend Micro™ InterScan™ Messaging Security stops email threats with global threat intelligence, protects your data with data loss prevention and encryption, and identifies targeted email attacks, ransomware, and APTs as part of the Trend Micro Network Defense Solution. Its enhanced web reputation blocks emails with malicious URLs in the message body or in attachments, and it is powered by the Trend Micro™ Smart Protection Network™.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.