On July 2, 2024, HealthEquity filed a notice of data breach with the Securities and Exchange Commission after discovering that an unauthorized party was able to access confidential information in the company’s possession. In this notice, HealthEquity explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their protected health information. Upon completing its investigation, HealthEquity began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.

If you receive a data breach notification from HealthEquity, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the HealthEquity data breach. For more information, please see our recent piece on the topic here.

What Caused the HealthEquity Data Breach?

The HealthEquity data breach was only recently announced, and more information is expected in the near future. However, HealthEquity’s filing with the Securities and Exchange Commission provides some important information on what led up to the breach. According to this source, earlier this year, HealthEquity detected unusual activity by a personal device belonging to one of HealthEquity’s business partners. In response, HealthEquity isolated the device and launched an investigation to learn more about the incident.

Through this investigation, HealthEquity learned that the Partner’s account had been compromised by an unauthorized party, who used the device to access confidential information belonging to certain consumers.

After learning that sensitive consumer data was accessible to an unauthorized party, HealthEquity reviewed the compromised files to determine what information was leaked and which consumers were impacted. While the breached information varies depending on the individual, it may include your protected health information.

Since then, HealthEquity has confirmed that this was an isolated incident, and not related to any of the other large healthcare industry data breaches over the past months.

HealthEquity notified the Securities and Exchange Commission of the breach on July 2, 2024. In this notice, HealthEquity explains that it has begun notifying members who were affected by the incident. These letters should provide victims with a list of what information belonging to them was compromised.

More Information About HealthEquity

Founded in 2002, HealthEquity is a business services company headquartered in Draper, Utah. HealthEquity serves as the custodian of Health Savings Accounts. As of July 2022, HealthEquity managed more than 7.5 million Health Savings Accounts as well as seven million other consumer-directed benefits accounts. HealthEquity is publicly traded on the Nasdaq under the symbol HQY. HealthEquity employs more than 3,126 people and generates approximately $1 billion in annual revenue.