July 29, 2024 at 06:57AM
HealthEquity is notifying 4.3 million individuals about a data breach where their personal and health information was accessed. The incident was discovered on March 25, involving unauthorized access to protected health information and personally identifiable information stored outside of the company’s core systems. HealthEquity is providing affected individuals with free monitoring and restoration services.
Based on the meeting notes provided, here are the key takeaways:
– HealthEquity has experienced a data breach impacting 4.3 million individuals, involving compromised personal and health information stored in a third-party vendor’s unstructured data repository.
– The breach was identified on March 25, resulting in unauthorized access and potential disclosure of protected health information and personally identifiable information.
– Attackers compromised the vendor’s user accounts with access to the online repository, gaining access to the stored information.
– Immediate actions were taken, including disabling compromised vendor accounts, terminating active sessions, and implementing a global password reset for the impacted vendor.
– Impacted information may include name, address, phone number, Social Security number, employee ID, employer, dependent information, and payment card information.
– HealthEquity plans to mail notification letters to the affected individuals starting August 9 and is providing two years of free credit identity monitoring, insurance, and restoration services.
– The company is encouraging individuals to monitor their accounts for any suspicious activity and has not detected any actual or attempted misuse of information to date.
Let me know if you need further assistance with this information.