On December 18, 2024, HealthEquity filed a notice of data breach with the Attorney General of Massachusetts after discovering that certain accounts were compromised by malicious actors. In this notice, HealthEquity explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names and protected health information. Upon completing its investigation, HealthEquity began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.
If you received a data breach notification from HealthEquity, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the HealthEquity data breach. For more information, please see our recent piece on the topic here.
What Caused the HealthEquity Data Breach?
The HealthEquity data breach was only recently announced, and more information is expected in the near future. However, HealthEquity’s filing with the Attorney General of Massachusetts provides some important information on what led up to the breach.
According to this source, HealthEquity is a third-party administrator for certain plans offered by employers. Recently, HealthEquity identified suspicious activity within certain accounts. In response, HealthEquity immediately secured the affected accounts and prevented any activity until it could confirm it as legitimate. HealthEquity also launched an investigation to learn more about what happened and what, if any, information may have been compromised.
Through its investigation, HealthEquity confirmed that an unknown party obtained personal information to pass the identity verification process and access the compromised accounts. Notably, the unauthorized party did not obtain users’ information from HealthEquity.
After learning that sensitive consumer data was accessible to an unauthorized party, HealthEquity reviewed the compromised files to determine what information was leaked and which consumers were impacted. While the breached information varies depending on the individual, it may include your name and claims information that is associated with your account.
On December 18, 2024, HealthEquity sent out data breach letters to anyone who was affected by the recent data security incident. These letters should provide victims with a list of what information belonging to them was compromised.
More Information About HealthEquity
HealthEquity is a financial services company specializing in health savings accounts (“HSAs”) and other consumer-directed benefits. Headquartered in Draper, Utah, the company provides HSA administration, flexible spending accounts (“FSAs”), health reimbursement arrangements (“HRAs”), and commuter benefits to individuals, employers, and healthcare providers. The organization employs approximately 3,126 people and generates an estimated $1.1 billion in annual revenue.
