HealthEquity Breach - And How Vorlon Can Help

What happened?

On March 9th, 2024, hackers gained access to HealthEquity’s systems using the hijacked credentials of a third-party application.

For almost three weeks, the hackers had access to a repository of unstructured data without anyone being aware of it. The hackers exfiltrated sensitive information, including names, contact details, Social Security numbers, and health plan details. The infiltration began on March 9th, but it wasn't until June 26th that the firm verified that the breach had occurred.

What if they had Vorlon?

HealthEquity’s breach followed the normal breach pattern. Hackers obtained a compromised credential and used it to log in to the exposed systems.

Because the hackers leveraged valid credentials, it was very difficult to detect that something malicious was happening. For almost three weeks, HealthEquity was unaware of what was happening, and because of this, the hackers were able to exfiltrate 4.3 million records of sensitive data.

With Vorlon, HealthEquity would have been alerted to the new connection to their system, even though it used “valid” credentials. They would also have received an alert that sensitive data was being transferred.

Here is a brief overview of some of the alerts Vorlon would have raised:

  • Secret Sharing Detected - Vorlon will raise a new secret sharing detected alert whenever it detects traffic using a secret that has previously been used by a different application.
  • Sensitive Data Access - Vorlon will raise a sensitive data access alert whenever a new endpoint is detected that provides data which includes sensitive information.
  • Unknown Source IP - Vorlon will raise a new unknown source IP alert whenever it detects traffic from a new IP that cannot be identified against the catalog of apps.
  • Unknown Source Geolocation - Vorlon will raise an unknown source geolocation alert whenever it detects traffic from a previously unidentified geolocation.
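
The four alert conditions listed above, sketched as an added example that replays constructed API traffic records in order. This is not Vorlon's code or rule logic; the record fields (`app`, `secret_fp`, `ip`, `geo`, `endpoint`, `sensitive`), the catalog, the baseline of known geolocations and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed catalog: app name -> networks it is expected to call from.
CATALOG = {
    "payroll-sync": [ipaddress.ip_network("192.0.2.0/24")],
    "claims-portal": [ipaddress.ip_network("198.51.100.0/24")],
}

# Constructed traffic records (documentation IP ranges, made-up names;
# "ZZ" is a placeholder geolocation; secret_fp is a fingerprint, never the secret).
EVENTS = [
    {"app": "payroll-sync", "secret_fp": "fp-a1", "ip": "192.0.2.10", "geo": "US",
     "endpoint": "/v1/employees", "sensitive": False},
    {"app": "claims-portal", "secret_fp": "fp-b2", "ip": "198.51.100.7", "geo": "US",
     "endpoint": "/v1/claims", "sensitive": True},
    {"app": "unknown-client", "secret_fp": "fp-a1", "ip": "203.0.113.50", "geo": "ZZ",
     "endpoint": "/v1/members/export", "sensitive": True},
    {"app": "payroll-sync", "secret_fp": "fp-a1", "ip": "192.0.2.11", "geo": "US",
     "endpoint": "/v1/employees", "sensitive": False},
]


def app_for_ip(ip, catalog):
    """Return the catalogued application whose networks contain ip, or None."""
    addr = ipaddress.ip_address(ip)
    for app, nets in catalog.items():
        if any(addr in net for net in nets):
            return app
    return None


def detect(events, catalog, known_geos):
    """Replay events in order; return (event index, alert name) pairs."""
    secret_owner, alerts = {}, []
    seen_geos, seen_sensitive = set(known_geos), set()
    for i, ev in enumerate(events):
        # The first application seen using a secret is treated as its owner.
        owner = secret_owner.setdefault(ev["secret_fp"], ev["app"])
        if owner != ev["app"]:
            alerts.append((i, "Secret Sharing Detected"))
        if ev["sensitive"] and ev["endpoint"] not in seen_sensitive:
            alerts.append((i, "Sensitive Data Access"))
            seen_sensitive.add(ev["endpoint"])
        if app_for_ip(ev["ip"], catalog) is None:
            alerts.append((i, "Unknown Source IP"))
        if ev["geo"] not in seen_geos:
            alerts.append((i, "Unknown Source Geolocation"))
            seen_geos.add(ev["geo"])
    return alerts
```

Calling `detect(EVENTS, CATALOG, {"US"})` flags the third record on all four conditions even though the secret it presents is valid, while the first sighting of the legitimate claims endpoint raises only a Sensitive Data Access alert.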

Vorlon has the capability to help you secure your third-party applications and provide a level of visibility that is otherwise difficult to achieve.

Don’t rely on legal agreements with your vendor to secure your data. Take back control and give yourself a way to secure it.