On November 17, 2018, HealthEquity, Inc. submitted a HIPAA Email Breach to the U.S. Department of Health and Human Services (HHS). This is their second reported HIPAA Email Breach this year alone.
SEE RELATED: HealthEquity, Inc. Suffers HIPAA Email Breach
Based in Draper, Utah, HealthEquity's second email breach in 2018 affected 165,800 individuals’ protected health information. HealthEquity is classified as a Business Associate. According to a recent report on DataBreaches.net:
HealthEquity is committed to protecting the privacy of the individuals we serve. We sincerely regret this recent attack. While the results of our forensic investigation have found no evidence of actual or attempted misuse of the information, we are offering five years of free identity theft and credit monitoring services to all affected individuals. We are also implementing additional security protocols to help prevent this from occurring in the future. While the attack was limited to access through two Microsoft Outlook 365 email accounts and none of HealthEquity’s systems were accessed or impacted, we continue to be vigilant and proactive in protecting the personal information of the individuals we serve. Through a third-party forensic research team, we have discovered that approximately 190,000 may have been impacted. We have begun notifying these individuals and offering 5-year credit monitoring services.