U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Healthcare fintech firm HealthEquity disclosed a data breach

Healthcare firm HealthEquity disclosed a data breach caused by a partner’s compromised account that exposed protected health information. Healthcare fintech firm HealthEquity disclosed a data breach after a partner’s compromised account was used to access its systems. The intruders have stolen protected health information from the company systems. The company discovered an anomalous behavior from […]

Signature Healthcare

Healthcare firm HealthEquity disclosed a data breach caused by a partner’s compromised account that exposed protected health information.

Healthcare fintech firm HealthEquity disclosed a data breach after a partner’s compromised account was used to access its systems. The intruders have stolen protected health information from the company systems. The company discovered an anomalous behavior from the partner’s personal device and immediately launched an investigation that led to the discovery of the security breach.

“The investigation concluded that the Partner’s user account had been compromised by an unauthorized third party, who used that account to access information. The accessed information included some personally identifiable information, which in some cases is considered protected health information, pertaining to certain of our members. The investigation further concluded that some information was subsequently transferred off the Partner’s systems.” reads the FORM 8-K filed with SEC. “The Company has taken steps to strengthen its security environment, including with respect to the compromised Partner account and the recommended actions of its incident response firm. The investigation did not find placement of malicious code on any Company systems. There has been no interruption to the Company’s systems, services, or business operations.”

HealthEquity is a leading financial technology company that specializes in administering health savings accounts (HSAs) and other consumer-directed benefits. Some key facts about HealthEquity:

As of July 2022, HealthEquity managed 7.5 million HSA accounts with $20.5 billion in assets, plus an additional 7 million other consumer-directed benefit accounts for a total of 14.5 million accounts.

The company is notifying its partners and clients, as well as identifying and notifying impacted individual members.

HealthEquity will offer complimentary credit monitoring and identity restoration services. The investigation is still ongoing and the healthcare fintech firm has yet to determine the fill impact of the incident.

“The Company does not currently believe the incident will have a material adverse effect on its business, operations, or financial results.” continues the Form 8-K.

“The Company believes it holds adequate cybersecurity insurance for this incident and will also be seeking recourse from the Partner.”

Pierluigi Paganini

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

(SecurityAffairs – hacking, healthcare)