News: 1722260741

  ARM Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life (Terry Pratchett, Jingo)

Intruders at HealthEquity rifled through storage, stole 4.3M people's data

(2024/07/29)


HealthEquity, a US fintech firm for the healthcare sector, admits that a "data security event" it discovered at the end of June hit the data of a substantial 4.3 million individuals. Stolen details include addresses, telephone numbers and payment data.

The incident began in March but was only detected in June. The company said in a letter to those affected that it received an alert on March 25 about a "systems anomaly requiring extensive technical investigation and ultimately resulting in data forensics" and that work continued until June 26 – the point at which it became aware that criminals had stole sensitive data.

In the company's original Form 8-K filed with the Securities and Exchange Commission (SEC) on July 2, it said no malicious code was found in its systems. There was also no mention of extortion, which suggests this was a straightforward data smash-and-grab job rather than ransomware.

[1]

"Once we detected the unauthorized activity, we immediately launched an investigation and engaged third-party experts to determine the nature and scope of the incident," the [2]letter reads. "We learned during our investigation that a vendor's user accounts – which had access to an online data storage location – were compromised and that because of this, an unauthorized party was able to access a limited amount of data stored in a storage location outside our core systems.

[3]

[4]

"As a result of our investigation, we took immediate actions including disabling all potentially compromised vendor accounts and terminating all active sessions; blocking all IP addresses associated with threat actor activity; and implementing a global password reset for the impacted vendor. Additionally, we enhanced our security and monitoring efforts, internal controls, and security posture."

HealthEquity's main offering is health saving accounts (HSAs), which allow individuals to save money and use it tax-free for certain medical expenses. The data compromised includes information collected during the sign-up phase, which was subsequently stolen by the unnamed cybercriminals.

[5]Secure Boot useless on hundreds of PCs from major vendors after key leak

[6]Data pilfered from Pentagon IT supplier Leidos

[7]Rite Aid admits 2.2 million people's data stolen by criminals

[8]I spy another mSpy breach: Millions more stalkerware buyers exposed

Not all individuals have had the same data types stolen, but they could include any combination of first and last names, home addresses, telephone numbers, employee IDs, employer names, SSNs, general contact information about dependents, and payment card data (does not include card number of HealthEquity debit card information).

HealthEquity said it wasn't aware of any cases where the stolen data has been misused, but has offered everyone affected the usual credit monitoring and identity theft services for two years through [9]Equifax</a.

[10]

[11]The incident is one of many targeting the [12]healthcare sector in recent times, but the absence of malware or ransomware is a rare curiosity.

Healthcare is often seen as a prime target for ransomware given the industry's inherent need to maintain operational uptime, but it's rare to see data theft at a major organization without the miscreants trying to further leverage their access into a larger payout.

Significant cases in recent months include the ALPHV/BlackCat (RIP) attack on [13]Change Healthcare and [14]Qilin's attack on Synnovis , a pathology services provider to major London hospitals. ®

Get our [15]Tech Resources



[1] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2Zqe8o50GvTCQXpPmJ5SOgwAAAIw&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0

[2] https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/2ec3e314-5731-49d0-a937-6dc22c6b24f3.html

[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Zqe8o50GvTCQXpPmJ5SOgwAAAIw&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Zqe8o50GvTCQXpPmJ5SOgwAAAIw&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[5] https://www.theregister.com/2024/07/29/infosec_roundup/

[6] https://www.theregister.com/2024/07/24/leidos_data_leak/

[7] https://www.theregister.com/2024/07/16/rite_aid_says_22_million/

[8] https://www.theregister.com/2024/07/15/infosec_roundup/

[9] https://www.theregister.com/2023/10/13/equifax_fca_fine/

[10] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Zqe8o50GvTCQXpPmJ5SOgwAAAIw&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[11] https://www.theregister.com/2023/10/13/equifax_fca_fine/

[12] https://www.theregister.com/2024/05/28/take_two_apis_and_call/

[13] https://www.theregister.com/2024/06/21/change_healthcare_patients/

[14] https://www.theregister.com/2024/06/20/qilin_our_plan_was_to/

[15] https://whitepapers.theregister.com/



Excerpts From The First Annual Nerd Bowl (#6)

JOHN SPLADDEN: We're back. The players have assumed their positions and
are ready to answer computer-related questions posed by referree Eric S.
Raymond. Let's listen in...

RAYMOND: Okay, men, you know the rules... And now here's the first
question: Who is the most respected, sexy, gifted, and talented spokesmen
for the Open Source movement? [Bzzz] Taco Boy, you buzzed in first.

ROB MALDA: The answer is me.

RAYMOND: No, you egomaniacal billionaire. Anybody else want to answer?
[Bzzz] Yes, Alan Cox?

ALAN COX: Well, duh, the answer has to be Eric Raymond.

RAYMOND: Correct! That answer is worth 10 million points.

ROB MALDA: Protest! Who wrote these questions?!