Feb 282018

In May, 2017,  this site started reporting that a number of healthcare facilities had been impacted by a breach at their vendor, Tuscaloosa-based FastHealth. FastHealth provides website and operational tools and services, including online bill payment. According to FastHealth’s news release at the time, an unauthorized third party had altered code on its web server, resulting in the capture of patient billing and health-related information entered via online patient web forms. More than 9,200 patients who had submitted payments between January 14 – December 20, 2016, were affected.

Only a few months after disclosing that 2016 breach, FastHealth was successfully attacked again, it seems.

According to a notification letter from FastHealth, in mid-August 2017, an unauthorized party gained access to their web server and obtained patient data.  FastHealth first learned of the problem on November 2, when they were contacted by law enforcement, and their investigation, conducted by an external firm, was completed on January 26, 2018.

FastHealth’s notification tells patients that they have no evidence of any misuse of the patients’ information, but the fact that law enforcement alerted them to the breach likely does not bode well in that regard. FastHealth arranged to provide services through Kroll for those affected.



  11 Responses to “FastHealth notifies patients of 2017 incident involving their data”

  1. This letter does not say it includes protected health information of patients. It says it was information persons entered into forms on the web sites.

  2. I was told it was people who applied for a job. Also, the name of the Medical Center that they said I had contacted was not correct.

  3. i have never been to this hospital or heard of it, why am I getting a letter.

    • Did you get a letter from FastHealth or from the hospital? FastHealth had a number of clients, and I’m wondering if people are getting confused by the letters.

  4. I recvd a letter today but have no clue who fasthealth is and or the company they are speaking of. I have life lock so Im not going to lose sleep over something I have no control over. There will always be some loser trying to cheat, steal and destroy something/someone for some loser reason instead of getting a real job and acting like a real human instead of a lowlife doosh ! =)

  5. is this a scam? third party record [*provider? Kroll is who?

  6. Received notice of breach today. Never heard of them of Kroll either. The letter doesn’t state what facility or database that they claim that my information was stolen from… seems weird, like, shouldn’t they tell us that? I have several places that I receive healthcare services at.

Sorry, the comment form is closed at this time.