Home > Resource Center > HealthEquity, Inc. once again suffers HIPAA email breach

HealthEquity, Inc. once again suffers HIPAA email breach

  • HIPAA breaches & fines
Nov 21st 2018

by Hoala Greevy

Featured image

Share this article

LinkedIn

hipaa email breach, hipaa email data breach, paubox hipaa breach report

On November 17, 2018, HealthEquity, Inc. submitted a HIPAA Email Breach to the U.S. Department of Health and Human Services (HHS). This is their second reported HIPAA Email Breach this year alone.

SEE RELATED: HealthEquity, Inc. Suffers HIPAA Email Breach

Based in Draper, Utah, HealthEquity’s second email breach in 2018 affected 165,800  individuals’ protected health information.

HealthEquity is classified as a Business Associate.

According to a recent report on DataBreaches.net:

HealthEquity is committed to protecting the privacy of the individuals we serve. We sincerely regret this recent attack. While the results of our forensic investigation have found no evidence of actual or attempted misuse of the information, we are offering five years of free identity theft and credit monitoring services to all affected individuals. We are also implementing additional security protocols to help prevent this from occurring in the future. While the attack was limited to access through two Microsoft Outlook 365 email accounts and none of HealthEquity’s systems were accessed or impacted, we continue to be vigilant and proactive in protecting the personal information of the individuals we serve.

Through a third-party forensic research team, we have discovered that approximately 190,000 may have been impacted. We have begun notifying these individuals and offering 5-year credit monitoring services.

HealthEquity Email Platform

We did an MX record lookup for HealthEquity and determined they are still using Microsoft 365 as their email platform.

It should be noted that Microsoft 365 was their underlying email provider for both of their HIPAA email breaches this year.

We have seen an alarming number of Microsoft 365 customers reporting HIPAA Email Breaches in 2018.

HHS Wall of Shame

The HHS Wall of Shame is a website under the jurisdiction of HHS that lists all HIPAA breaches reported within the last 24 months. The Wall of Shame displays breaches that are currently under investigation by the Office for Civil Rights.

As part of section 13402(e)(4) of the HITECH Act, the HHS Secretary must post a list of breaches of unsecured protected health information affecting 500 or more individuals.

HIPAA Breach Report

The Paubox HIPAA Breach Report analyzes breaches that affected 500 or more individuals as reported in the HHS Wall of Shame.

Try Paubox Email Suite for FREE today.
Start for free

About the author

Hoala Greevy

Founder CEO Paubox. Kayak fishing when I can.

Read more by Hoala Greevy

Get started with
end-to-end protection

Bolster your organization's security with state-of-the-art email encryption and inbound email security.

Start for free

Highest rated HIPAA compliant email solution on G2

EmailEncryption BestMeetsRequirements MeetsRequirements
SecureEmailGateway MostImplementable Total
SecureEmailGateway Leader Leader
SecureEmailGateway EasiestToUse EaseOfUse
SecureEmailGateway EasiestAdmin EaseOfAdmin
SecureEmailGateway BestUsability Total
SecureEmailGateway BestResults Total
SecureEmailGateway BestRelationship Total
EmailEncryption UsersMostLikelyToRecommend Nps
EmailEncryption MomentumLeader Leader
SecureEmailGateway BestSupport Mid Market QualityOfSupport
EmailEncryption BestMeetsRequirements MeetsRequirements
SecureEmailGateway MostImplementable Total
SecureEmailGateway Leader Leader
SecureEmailGateway EasiestToUse EaseOfUse
SecureEmailGateway EasiestAdmin EaseOfAdmin
SecureEmailGateway BestUsability Total
SecureEmailGateway BestResults Total
SecureEmailGateway BestRelationship Total
EmailEncryption UsersMostLikelyToRecommend Nps
EmailEncryption MomentumLeader Leader
SecureEmailGateway BestSupport Mid Market QualityOfSupport

View more related posts