FastHealth notifies patients of 2017 incident involving their data

In May, 2017,  this site started reporting that a number of healthcare facilities had been impacted by a breach at their vendor, Tuscaloosa-based FastHealth. FastHealth provides website and operational tools and services, including online bill payment. According to FastHealth’s news release at the time, an unauthorized third party had altered code on its web server, resulting in the capture of patient billing and health-related information entered via online patient web forms. More than 9,200 patients who had submitted payments between January 14 – December 20, 2016, were affected.

Only a few months after disclosing that 2016 breach, FastHealth was successfully attacked again, it seems.

According to a notification letter from FastHealth, in mid-August 2017, an unauthorized party gained access to their web server and obtained patient data.  FastHealth first learned of the problem on November 2, when they were contacted by law enforcement, and their investigation, conducted by an external firm, was completed on January 26, 2018.

FastHealth’s notification tells patients that they have no evidence of any misuse of the patients’ information, but the fact that law enforcement alerted them to the breach likely does not bode well in that regard. FastHealth arranged to provide services through Kroll for those affected.



About the author: Dissent

11 comments to “FastHealth notifies patients of 2017 incident involving their data”

You can leave a reply or Trackback this post.
  1. guest - March 27, 2018

    This letter does not say it includes protected health information of patients. It says it was information persons entered into forms on the web sites.

    • Dissent - March 27, 2018

      On Feb. 27, FastHealth reported the incident to HHS as affecting 1,345 patients.

  2. Anonymous - April 2, 2018

    I was told it was people who applied for a job. Also, the name of the Medical Center that they said I had contacted was not correct.

    • Dissent - April 2, 2018

      I don’t know what to tell you. Do you have that in writing that you can scan in? I’d like to see it.

  3. Laura - April 12, 2018

    i have never been to this hospital or heard of it, why am I getting a letter.

    • Dissent - April 12, 2018

      Did you get a letter from FastHealth or from the hospital? FastHealth had a number of clients, and I’m wondering if people are getting confused by the letters.

  4. Anonymous - April 12, 2018

    I recvd a letter today but have no clue who fasthealth is and or the company they are speaking of. I have life lock so Im not going to lose sleep over something I have no control over. There will always be some loser trying to cheat, steal and destroy something/someone for some loser reason instead of getting a real job and acting like a real human instead of a lowlife doosh ! =)

  5. george tinder - April 13, 2018

    is this a scam? third party record [*provider? Kroll is who?

  6. Anonymous - April 13, 2018

    Received notice of breach today. Never heard of them of Kroll either. The letter doesn’t state what facility or database that they claim that my information was stolen from… seems weird, like, shouldn’t they tell us that? I have several places that I receive healthcare services at.

    • Dissent - April 13, 2018

      Kroll is a well-known firm for security and breach services.

Comments are closed.