in Tech News

4.3 million Americans uncovered in huge well being financial savings account knowledge breach


Health financial savings account (HSA) supplier HealthFairness skilled an enormous knowledge breach that has put over 4.3 million Americans’ data in danger. 

The firm, which makes a speciality of offering HSAs, versatile spending accounts (FSAs), well being reimbursement preparations (HRAs) and 401(okay) retirement plans, confirmed menace actors stole delicate well being knowledge utilizing a associate’s compromised credentials. 

This contains full names, house addresses, phone numbers, employer and worker IDs, Social Security numbers and extra.

GET SECURITY ALERTS, EXPERT TIPS — SIGN UP FOR KURT’S NEWSLETTER — THE CYBERGUY REPORT HERE

data breach 1

Illustration of a hacker at work. (Kurt “CyberGuy” Knutsson)

What it is advisable know in regards to the HealthFairness knowledge breach

HealthFairness has confirmed that it suffered a knowledge breach through which the non-public data of tens of millions of Americans was compromised. In a Form 8-Ok submitting submitted on July 2, the corporate disclosed that hackers gained entry to this delicate well being knowledge after utilizing a associate’s compromised credentials.

HealthFairness grew to become conscious of the techniques anomaly on March 25, and the investigation continued till June 10.  The firm’s knowledge breach discover reads partially:

“We discovered some unauthorized access to and potential disclosure of protected health information and/or personally identifiable information stored in an unstructured data repository outside our core systems. On June 26, 2024, after validating the data, we unfortunately determined that some of your personal information was involved.”

As for notifications, the corporate tells us that the method for notifying clients — each companies and people — is ongoing. Affected people will obtain a notification by mail or e-mail based mostly on their account communications preferences.

The firm says that the affected knowledge was sign-up data for accounts and advantages that it administers. The knowledge could embrace data in a number of of the next classes: first title, final title, tackle, phone quantity, worker ID, employer, Social Security quantity, well being card quantity, well being plan member quantity, dependent data (for normal contact data solely), HealthFairness profit sort, diagnoses, prescription particulars, fee card data (however not fee card quantity) and/or HealthFairness account sort. Not all knowledge classes had been affected for each member.

HealthFairness says it’s not conscious of any precise or tried misuse of the knowledge as a consequence of this incident to this point. We reached out to HealthFairness, and a consultant from the corporate offered CyberGuy with this assertion: 

“The entire Purple Team is committed to educating, assisting and supporting our partners, clients and members through this incident. We have taken immediate, proactive and prudent action since we first discovered an anomaly with our third-party vendor. This included quickly resolving the issue, bringing together a team of outside and internal experts to investigate, and preparing for response. 

“Additionally, we formally filed notification with the Securities and Exchange Commission, which wasn’t required, however represents our concern and dedication to clear communication. We remorse the inconvenience brought on by the incident and are working to attenuate disruption whereas additionally taking steps to assist stop this from occurring sooner or later. Partner and shopper notifications are underway, and we’re grateful for the professionalism and understanding we’re experiencing so far.” 

HOW TO REMOVE YOUR PRIVATE DATA FROM THE INTERNET 

data breach 2

Illustration of hackers at work. (Kurt “CyberGuy” Knutsson)

HERE’S WHAT RUTHLESS HACKERS STOLE FROM 110 MILLION AT&T CUSTOMERS

What is HealthEquity doing about the data breach?

HealthEquity says it has secured the affected data repository. The vendor’s user accounts, which had access to an online data storage location, were compromised, allowing hackers to access data stored in that location. HealthEquity has disabled all potentially compromised vendor accounts, terminated all active sessions and blocked all IP addresses linked to the threat actor’s activity. The company has also implemented a global password reset for the impacted vendor.

The HSA provider has also arranged credit identity monitoring, insurance and restoration services for those impacted. These services will be available for two years, free of charge, through Equifax.

CLICK HERE FOR MORE U.S. NEWS

data breacj 3

Illustration of a hacker. (Kurt “CyberGuy” Knutsson)

WORLD’S LARGEST STOLEN PASSWORD DATABASE UPLOADED TO CRIMINAL FORUM

8 measures to take to protect yourself from a data breach

If you suspect you’ve been impacted by this data breach, follow these steps to protect your personal data and privacy.

1. Invest in identity theft protection: If you have been affected by a data breach, scammers may try to impersonate you to gain access to your private information. The best thing you can do to protect yourself from this type of fraud is to subscribe to an identity theft service.

Identity theft companies can monitor personal information like your Social Security number (SSN), phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. See my tips and best picks on how to protect yourself from identity theft.

2. Invest in removal services: Investing in removal services is beneficial, particularly in the wake of data breaches like the recent one experienced by HealthEquity. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here.

3. Place a fraud alert: Contact one of the three major credit reporting agencies (Equifax, Experian or TransUnion) and request a fraud alert to be placed on your credit file. This will make it more difficult for identity thieves to open new accounts in your name without verification.

4. Be cautious of phishing attempts: Be vigilant about emails, phone calls or messages from unknown sources asking for personal information. Avoid clicking on suspicious links or providing sensitive details unless you can verify the legitimacy of the request.

GET FRESH BUSINESS ON THE GO BY CLICKING HERE

The best way to protect yourself from clicking malicious links that install malware that may get access to your private information is to have antivirus protection installed on all your devices. This can also alert you of any phishing emails or ransomware scams Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android & iOS devices.

5. Check Social Security benefits: It is crucial to periodically check your Social Security benefits to ensure they have not been tampered with or altered in any way, safeguarding your financial security and preventing potential fraud.

6. Change your password: You can render a stolen password useless to thieves simply by changing it. Opt for a strong password — one you don’t use elsewhere. Even better, consider letting a password manager generate one for you.

7. Be wary of mailbox communications: Bad actors may also try to scam you through snail mail. The data leak gives them access to your address. They may impersonate people or brands you know and use themes that require urgent attention, such as missed deliveries, account suspensions and security alerts.

8. Contact the U.S. Federal Trade Commission: If you detect any unauthorized transactions in any of your financial accounts, you should immediately notify the appropriate payment card company or financial institution. If you detect any incidents of identity theft or fraud, promptly report it to your local law enforcement authorities, state attorney general and the Federal Trade Commission.

PHARMA GIANT’S DATA BREACH EXPOSES PATIENTS’ SENSITIVE INFORMATION

Kurt’s key takeaway

The HealthEquity data breach highlights the need for strong cybersecurity practices, especially when it comes to protecting personal and health information. If you’re affected by this breach, it’s important to take action. Monitor your accounts and personal information for any unusual activity. Staying vigilant can help protect you from identity theft and financial fraud.

CLICK HERE TO GET THE FRESH NEWS APP

Do you feel confident in the measures HealthEquity is taking to protect your data going forward? Let us know by writing us at Cyberguy.com/Contact

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter

Ask Kurt a question or let us know what stories you’d like us to cover.

Follow Kurt on his social channels:

Answers to the most-asked CyberGuy questions:

Copyright 2024 CyberGuy.com. All rights reserved.

Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FRESH Business beginning mornings on “FRESH & Friends.” Got a tech query? Get Kurt’s free CyberGuy Newsletter, share your voice, a narrative thought or remark at CyberGuy.com.



Source link

Written by Clickmen

Leave a Reply

Your email address will not be published. Required fields are marked *

America’s reckless Iran coverage has Middle East on brink of struggle. Only deterrence can pull us again now

5 journey necessities to pack on your summer time getaway