HealthEquity

HealthEquity has notified individuals potentially impacted by a security incident.

A single employee’s email account was accessed by an unauthorized individual that has culminated in the disclosure of protected health information.

As soon as HealthEquity discovered the incident, the unauthorized individual’s access to the mailbox was eliminated and an investigation was initiated to determine the nature and scope of the event.

HealthEquity confirmed that only one email account belonging to a single HealthEquity employee was compromised as a result of human error.

No other HealthEquity systems were impacted or affected.

The email account contained protected health information including names, emails, HealthEquity member IDs, employer names, HealthEquity employer IDs, and healthcare account type, deduction amounts, and Social Security numbers for some Michigan-based employees.

Source: https://www.clickondetroit.com/health/2018/06/13/healthequity-reports-email-breach-that-compromised-health-information/

TPRM report: https://scoringcyber.rankiteo.com/company/healthequity

"id": "hea12299822",
"linkid": "healthequity",
"type": "Data Leak",
"date": "06/2018",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"

{'affected_entities': [{'industry': 'Healthcare',
                        'name': 'HealthEquity',
                        'type': 'Company'}],
 'attack_vector': 'Email Account Compromise',
 'data_breach': {'personally_identifiable_information': ['Names',
                                                         'Emails',
                                                         'HealthEquity member '
                                                         'IDs',
                                                         'Employer names',
                                                         'HealthEquity '
                                                         'employer IDs',
                                                         'Healthcare account '
                                                         'type',
                                                         'Deduction amounts',
                                                         'Social Security '
                                                         'numbers'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Protected Health Information',
                                              'Personally Identifiable '
                                              'Information']},
 'description': 'A single employee’s email account was accessed by an '
                'unauthorized individual that has culminated in the disclosure '
                'of protected health information.',
 'impact': {'data_compromised': ['Names',
                                 'Emails',
                                 'HealthEquity member IDs',
                                 'Employer names',
                                 'HealthEquity employer IDs',
                                 'Healthcare account type',
                                 'Deduction amounts',
                                 'Social Security numbers'],
            'systems_affected': "Single Employee's Email Account"},
 'initial_access_broker': {'entry_point': 'Email Account'},
 'investigation_status': 'Completed',
 'post_incident_analysis': {'root_causes': 'Human Error'},
 'response': {'communication_strategy': 'Notified potentially impacted '
                                        'individuals',
              'containment_measures': 'Eliminated unauthorized individual’s '
                                      'access to the mailbox'},
 'threat_actor': 'Unauthorized Individual',
 'title': 'HealthEquity Email Account Breach',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Human Error'}