Security update: Awareness only, no action needed Skip to content

Security update: Awareness only, no action needed

Graphic that reads: Security update

Note: New information about the SFTP MOVEit vulnerability was added on June 16 at 3:45 p.m. CT.

I can share new information on this event. As of today, HealthEquity was removed from the impacted list related to the SFTP MOVEit vulnerability. We continue to be vigilant in our efforts to protect the confidentiality, integrity, and security of our customer data, systems, and applications and those of our partners.

Update from June 15, 2:00 p.m. CT

To our HealthEquity customers, in our ongoing commitment to transparency, I want to inform you that HealthEquity recently became aware of a vulnerability related to our third-party software provider, MOVEit. We took immediate action to patch the vulnerability within 24 hours of its discovery and will continue to take necessary steps as needed. As a result, there has been minimal disruption to our members, clients, and other partners.

While HealthEquity is named as an impacted entity, we have performed a thorough investigation resulting in no evidence of exposure regarding any personally identifiable data or client information at this time. We take our responsibility to protect our systems and the data entrusted to us very seriously and are committed to providing the secure experience our clients and members expect.

We will continue to monitor and deploy increased security measures and capabilities across our platforms to help detect and prevent further threat activity, while working with our partners to do the same.

Thank you for subscribing!

Thank you for subscribing!

About the author

Larry Trittschuh

Larry Trittschuh, Chief Security Officer for HealthEquity, leads information security, privacy, fraud prevention, incident response, physical security teams, compliance as well as information technology. He is a veteran of the United States Air Force.

Are you a business?

Talk to us today to get started.

Talk to us

Are you an individual?

Start building health savings today.

Open account

COBRA/Direct Bill Employer login

Please refer to your Client Welcome email for the URL of your specific COBRA/Direct Bill Employer login page.