by Hoala Greevy Founder CEO of Paubox
Article filed in

HealthEquity, Inc. Once Again Suffers HIPAA Email Breach

by Hoala Greevy Founder CEO of Paubox

hipaa email breach, hipaa email data breach, paubox hipaa breach report

On November 17, 2018, HealthEquity, Inc. submitted a HIPAA Email Breach to the U.S. Department of Health and Human Services (HHS). This is their second reported HIPAA Email Breach this year alone.

SEE RELATED: HealthEquity, Inc. Suffers HIPAA Email Breach

Based in Draper, Utah, HealthEquity’s second email breach in 2018 affected 165,800  individuals’ protected health information.

HealthEquity is classified as a Business Associate

According to a recent report on

HealthEquity is committed to protecting the privacy of the individuals we serve. We sincerely regret this recent attack. While the results of our forensic investigation have found no evidence of actual or attempted misuse of the information, we are offering five years of free identity theft and credit monitoring services to all affected individuals. We are also implementing additional security protocols to help prevent this from occurring in the future. While the attack was limited to access through two Microsoft Outlook 365 email accounts and none of HealthEquity’s systems were accessed or impacted, we continue to be vigilant and proactive in protecting the personal information of the individuals we serve.

Through a third-party forensic research team, we have discovered that approximately 190,000 may have been impacted. We have begun notifying these individuals and offering 5-year credit monitoring services.

HealthEquity Email Platform

We did an MX record lookup for HealthEquity and determined they are still using Office 365 as their email platform.

It should be noted that Office 365 was their underlying email provider for both of their HIPAA email breaches this year.

We have seen an alarming number of Office 365 customers reporting HIPAA Email Breaches in 2018.

HHS Wall of Shame

The HHS Wall of Shame is a website under the jurisdiction of HHS that lists all HIPAA breaches reported within the last 24 months. The Wall of Shame displays breaches that are currently under investigation by the Office for Civil Rights.

As part of section 13402(e)(4) of the HITECH Act, the HHS Secretary must post a list of breaches of unsecured protected health information affecting 500 or more individuals.

HIPAA Breach Report

The Paubox HIPAA Breach Report analyzes breaches that affected 500 or more individuals as reported in the HHS Wall of Shame.

Copy link
Powered by Social Snap