Our focus on security and protection

Safeguarding the privacy and data of our members, clients, and teams is a core commitment at HealthEquity. We invest heavily in cybersecurity and have developed strong policies and practices to protect sensitive information.

Our approach is rooted in a culture of security awareness and accountability, supported by robust governance structures and industry-leading technologies.

Protecting data through strategic oversight

Effective cybersecurity requires oversight at every level of the organization. Our governance framework ensures that data protection is a strategic priority from the boardroom to individual team members.

Board governance

Our Board of Directors maintains active oversight of cybersecurity risks through dedicated committees. The Cybersecurty and Technology Committee provides direct oversight of our information security program, while the Audit and Risk Committee reviews enterprise risk management including cyber risk.

Management/executive governance

Our Chief Information Security Officer (CISO) leads the enterprise security program and reports regularly to the Board committees. Cross-functional security councils ensure alignment across technology, legal, compliance, and business teams.

How we manage risk and protect customer privacy

HealthEquity maintains a comprehensive risk management program that identifies, assesses, and mitigates cybersecurity threats. We employ multi-layered defenses including encryption, access controls, and continuous monitoring to protect member data.

Privacy is embedded into our product development lifecycle. We adhere to applicable privacy regulations and maintain transparent data handling practices so our members can trust that their information is safe.

Our security program is built on defense-in-depth principles with continuous monitoring, regular penetration testing, and compliance with industry standards including SOC 2, HITRUST, and PCI DSS.

Our ongoing commitment to cybersecurity

We are continuously evolving our security posture to stay ahead of emerging threats. This includes investments in advanced security technologies, ongoing employee training and awareness programs, and partnerships with leading security organizations.

Regular third-party assessments and certifications validate the effectiveness of our controls and demonstrate our commitment to maintaining the highest standards of data protection.

Download CSR Data Sheet

Access our full Corporate Social Responsibility data sheet for detailed metrics and performance information.

Download CSR Data Sheet
Back to top