Yet another top US healthcare service provider has been hacked, with patient data exposed

News
By
published

HealthEquity lost data through a third party

Best practice management software
Image Credit: Pixabay (Image credit: Image Credit: Pixabay)

Following the likes of ChangeHealthcare, Kaiser, Cencora, and several others during the past few months, another major US healthcare service has reported suffering a cyberattack that resulted in the theft of sensitive patient data. 

This latest victim is HealthEquity, which was on the receiving end of an apparent supply chain attack. In an 8-K form, filed with the US Securities and Exchange Commission (SEC) earlier this week, HealthEquity reported how earlier this year, as it was routinely monitoring its systems, it discovered “anomalous behavior by a personal use device belonging to a business partner.”

As it turned out, a partner of the company had its personal device compromised, and used by the threat actors to access HealthEquity systems and thus, sensitive patient data. 

Missing details

“The accessed information included some personally identifiable information, which in some cases is considered protected health information, pertaining to certain of our members,” the form reads. After accessing the information, the hackers extracted it to their own servers, HealthEquity confirmed.

The company has decided not to share details about the breach at this time, so we don’t know how many people were affected, who the threat actors were, if they demanded a payment in exchange for the data, or what kind of information they lost.

The company did tell TechCrunch that “some of HealthEquity’s SharePoint data” was taken in the breach. 

Microsoft SharePoint is a web-based collaboration and document management platform, designed to help organizations store, manage, and share information securely within a centralized framework. 

Following the breach, HealthEquity notified its partners and clients, as well as individual members whose data may have been involved. It is also offering credit monitoring and identity theft protection services. 

Since this was not a ransomware attack, and did not happen on the company’s infrastructure, HealthEquity does not expect the incident to have a material impact on its business, it concluded.

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
ID theft
Over a million patients potentially hit after another US healthcare provider hit by cyberattack
ransomware avast
The biggest addiction treatment provider in the US says it was hit by data breach
Lock on Laptop Screen
United Healthcare data breach may have affected 190 million Americans
healthcare
Top US health provider tells 882,000 patients they were hit in August 2023 breach
An abstract image of padlocks overlaying a digital background.
US healthcare giant Ascension says ransomware attack affected nearly six million customers
healthcare
Almost a million ConnectOnCall users may have had data stolen by hackers
Latest in Security
A graphic showing fleet tracking locations over a city.
Lost & Found tracking site hit by major data breach - over 800,000 could be affected
US President Donald Trump speaks to the press as he signs an executive order to create a US sovereign wealth fund, in the Oval Office of the White House on February 3, 2025, in Washington, DC.
US set to pause cyber-offensive operations against Russia - but CISA says it won't stop
Web DDoS attacks see major surge as AI allows more powerful attacks
Polish space agency says it was hit by a cyberattack
Illustration of a hooked email hovering over a mobile phone
AWS misconfigurations reportedly used to launch phishing attacks
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.
Microsoft Teams and other Windows tools hijacked to hack corporate networks
Latest in News
Google Gemini iPhone Lock Screen
You can now access Gemini from your iPhone's lock screen
Michelle, Keats, and Doctor Amherst looking unimpressed and worried in The Electric State
Netflix drops trailer for The Electric State, and I'm getting serious District 9 vibes
YouTube TV
YouTube TV might be planning a big Netflix update that puts the best streaming services first
Google Pixel 9 Pro
Here are the 7 best Pixel 9 and Pixel Watch 3 features landing in March’s Pixel Feature Drop
Bang & Olufsen Beogram 4000C Saint Laurent Rive Droite Edition
Bang & Olufsen's latest reworked turntable is a masterpiece of retro revival, in a breathtaking wooden presentation box
Apple Watch Series 10
Apple unveils new Apple Watch bands – here's what's in the Spring 2025 collection
More about security
A graphic showing fleet tracking locations over a city.

Lost & Found tracking site hit by major data breach - over 800,000 could be affected
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.

Microsoft Teams and other Windows tools hijacked to hack corporate networks
Daredevil standing in somebody's underground lair in Daredevil: Born Again season 1

Daredevil: Born Again is a fearless Disney+ revival of the best Netflix Marvel TV show that continues to restore my faith in the MCU
See more latest
Most Popular
A business woman looking at AI on a transparent screen
Businesses are facing an "AI Divide" - which could be the difference between success and failure
Google Gemini iPhone Lock Screen
You can now access Gemini from your iPhone's lock screen
Apple Vision Pro with Dassault Systèmes 3DEXPERIENCE platform
Dassault Systèmes teams up with Apple to use Vision Pro headsets to bring spatial CAD to life
Samsung 18.1-inch foldable OLED monitor
Samsung has launched a flexible portable monitor complete with a briefcase, one that seems to come straight from a James Bond movie
GenMachine Zhi mini pc
This is the smallest AMD PC I've ever seen: mysterious manufacturer uses Ryzen 3 APU with surprising results
Beelink ME Mini
One of our favorite mini PC vendors has launched a NAS that looks a bit like Apple's PowerMac G4 Cube PC - but way smaller
Michelle, Keats, and Doctor Amherst looking unimpressed and worried in The Electric State
Netflix drops trailer for The Electric State, and I'm getting serious District 9 vibes
YouTube TV
YouTube TV might be planning a big Netflix update that puts the best streaming services first
Maserati MC20 Autonomous
This AI-driven Maserati just hit 197.7mph without a human behind the wheel
AI data center
Is Microsoft hesitating on AI? Days after CEO said it would be upping capacity, analyst claims tech giant has actually cancelled data center leases