Top US Healthcare Provider Latest Victim in Data Breach Exposing Patient Data

By: David Donovan | Last updated: Jul 09, 2024

Another major US healthcare service has reported a cyberattack that resulted in the theft of sensitive patient data. 

This follows ChangeHealthcare, Kaiser, Cencora, and a number of others over the past few months who have experienced data leaks.


HealthEquity is the latest victim, having apparently been the target of a supply chain attack. 

Two women at a stand for HealthEquity for HQYBluesSummit

Facebook user HealthEquity

HealthEquity reported in an 8-K form that it submitted earlier this week to the US Securities and Exchange Commission (SEC) that it discovered “anomalous behavior by a personal use device belonging to a business partner” earlier this year while it was routinely monitoring its systems.


Compromised Device

As it ended up, a partner of the organization had its personal device compromised. 

HealthEquity conference with four people on stage in chairs and a screen in the background

Facebook user HealthEquity

This device was then utilized by the malicious users to get to HealthEquity systems and in this way, access sensitive patient information.

Protected Health Information

The declaration on the form reads, “The accessed information included some personally identifiable information, which in some cases is considered protected health information, pertaining to certain of our members.” 

Conference stand for HealthEquity showing different branded items

Facebook user HealthEquity

Subsequent to getting to the data, the programmers extricated it to their own servers, HealthEquity affirmed.

Unknown Details

It is not known how many people were affected, who the threat actors were, whether they demanded payment in exchange for the data, or what kind of information was lost.

Two men posing for a photo in front of HealthEquity signage at a conference

Facebook user HealthEquity

This is because the company has decided not to disclose details about the breach at this time.

SharePoint Data

TechCrunch was informed by the company that the breach resulted in the theft of “some of HealthEquity’s SharePoint data.”

HealthEquity members posing for a picture in purple shirts and balloons in the back

Facebook user HealthEquity

Microsoft SharePoint is a platform for document management and collaboration on the web that was made to help businesses securely store, manage, and share information within a centralized framework.



HealthEquity informed its partners, customers, and individual members whose data may have been compromised following the breach. 

HealthEquity opening with a man holding a large pair of scissors cutting a ribbon while other people stand next to him.

Facebook user HealthEquity

Additionally, it provides identity theft protection and credit monitoring services.


LA County

Since this was not a ransomware assault, and didn’t occur on the organization’s infrastructure, HealthEquity doesn’t anticipate that the episode should tangibly affect its business, it closed.

Echo Park Lake with Downtown Los Angeles Skyline at sunset

Wikimedia Commons user Adoramassey

Back in June it was revealed that a hacker used a phishing email to steal the login credentials of 53 public health employees, potentially exposing the personal information of more than 200,000 people in Los Angeles County.


February Breach

The first and last names, dates of birth, diagnoses, prescription information, medical record numbers, health insurance information, Social Security numbers, and other financial information of Department of Public Health clients, employees, and others may have been accessed in the February data breach.

Hollywood sign in LA during the day

Wikimedia Commons user Thomas Wolf

In a news release, the agency stated, “Affected individuals may have been impacted differently and not all of the listed elements were present for each individual.”


Affected Parties

The affected parties will receive notices via mail from the Department of Public Health. You can also call (866) 898-4312 from 6 a.m. to 5 p.m., Monday through Friday, to find out if your data was leaked.

Rodeo Drive Beverly Hills during the day with people on the street and cars

Flickr user Prayitno

Employees received a phishing email on Feb. 19 or 20, which tries to trick recipients into providing crucial information like passwords and login credentials, which led to the data breach. 


Email Accounts

According to the agency, the employees thought they were accessing a legitimate message when they clicked on a link in the email’s body.

California poppies in the Antelope Valley California Poppy Reserve during the day.

Wikimedia Commons user Boris D

In response, authorities stated that they had disabled the affected email accounts, reset devices, blocked websites that were discovered to be part of the phishing campaign, and quarantined all incoming emails that appeared suspicious.


Identity Monitoring

Through Kroll, a financial and risk advisory firm, the county is providing those affected by the breach with free identity monitoring.

Man giving a speech at a podium for a conference for Kroll

X user KrollWire

People whose clinical records were possibly accessed by the programmer ought to review them with their primary care physician to guarantee the contents are precise and haven’t been changed. 

Officials advise that individuals examine the explanation of benefits statement they receive from their insurance provider to ensure that they are aware of all billed services.