We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

‘Protected Health Information’ Stolen in HealthEquity Breach

‘Protected Health Information’ Stolen in HealthEquity Breach
Hendrik Human Published on 10th July 2024 Cybersecurity Researcher

On July 2, 2024, Health tech provider HealthEquity disclosed a data breach involving unauthorized access to customers' protected health information via a compromised third-party vendor account. The breach was detected on March 25 and involved HealthEquity's SharePoint data.

The incident, affecting 23,000 subscribers, has not been linked to any other recent cyberattacks in the healthcare sector.

HealthEquity disclosed the breach in an 8-K filing with the SEC. Its statement says that the breach was discovered through routine monitoring when it encountered “anomalous behavior by a personal use device belonging to a business partner.” The company claims that it immediately took steps to “isolate and triage” the issue while launching an investigation into its nature and scope.

According to HealthEquity, the investigation concluded that an unauthorized third party had compromised a partner account, which allowed it to access the data. This involves some personally identifiable information, including protected health information. The malicious actor then transferred this data off the partner’s systems.

However, the investigation did not find any malicious code on any of HealthEquity’s systems, and the company has assured customers that the incident has not affected its business operations in any way.

In response to TechCrunch, HealthEquity spokesperson Amy Cerny clarified that it was an isolated incident and that “transactional systems, where integrations occur, were not impacted.” That said, Cerny declined to comment on the exact nature of the stolen personally identifiable and protected health information, the number of people affected, and which partner was responsible for the initial compromise.

This is only the latest instance of a long line of cyber-attacks plaguing the healthcare industry. Russian gang Qilin recently targeted London hospitals, causing 800 operations to be canceled. Earlier this year, Kaiser Permanente disclosed a breach affecting 13.4 million individuals.

About the Author

Hendrik is a writer at vpnMentor, specializing in VPN comparisons and user guides. With 5+ years of experience as a tech and cybersecurity writer, plus a background in corporate IT, he brings a variety of perspectives to test VPN services and analyze how they address the needs of different users.