Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Yet another top US healthcare service provider has been hacked, with patient data exposed

Best practice management software.

Following the likes of ChangeHealthcare, Kaiser, Cencora, and several others during the past few months, another major US healthcare service has reported suffering a cyberattack that resulted in the theft of sensitive patient data. 

This latest victim is HealthEquity, which was on the receiving end of an apparent supply chain attack. In an 8-K form, filed with the US Securities and Exchange Commission (SEC) earlier this week, HealthEquity reported how earlier this year, as it was routinely monitoring its systems, it discovered “anomalous behavior by a personal use device belonging to a business partner.”

As it turned out, a partner of the company had its personal device compromised, and used by the threat actors to access HealthEquity systems and thus, sensitive patient data. 

Missing details

“The accessed information included some personally identifiable information, which in some cases is considered protected health information, pertaining to certain of our members,” the form reads. After accessing the information, the hackers extracted it to their own servers, HealthEquity confirmed.

The company has decided not to share details about the breach at this time, so we don’t know how many people were affected, who the threat actors were, if they demanded a payment in exchange for the data, or what kind of information they lost.

The company did tell TechCrunch that “some of HealthEquity’s SharePoint data” was taken in the breach. 

Microsoft SharePoint is a web-based collaboration and document management platform, designed to help organizations store, manage, and share information securely within a centralized framework. 

Following the breach, HealthEquity notified its partners and clients, as well as individual members whose data may have been involved. It is also offering credit monitoring and identity theft protection services. 

Since this was not a ransomware attack, and did not happen on the company’s infrastructure, HealthEquity does not expect the incident to have a material impact on its business, it concluded.

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.