A company that handles millions of health savings accounts (HSAs) has suffered a data breach in which the information of 23,000 was compromised.
On 11 April, the email account of a HealthEquity employee was accessed by an unauthorized person. Two days later, the malicious activity was discovered, at which point the Utah-based firm – a custodian of more than 3.4 million HSAs – expunged the mailbox and contacted a forensics firm. HealthEquity has reportedly offered five years of credit monitoring and identity theft protection in response to the incident.
Health Data Management reported that the information compromised via the email account included not only the names of members but also their HealthEquity member IDs, along with the names of their employers and their employers’ HealthEquity IDs. Also included in the stolen data were various types of healthcare accounts, deduction amounts and Social Security numbers for some Michigan employees.