FastHealth notifies patients of 2017 incident involving their data

In May, 2017,  this site started reporting that a number of healthcare facilities had been impacted by a breach at their vendor, Tuscaloosa-based FastHealth. FastHealth provides website and operational tools and services, including online bill payment. According to FastHealth’s news release at the time, an unauthorized third party had altered code on its web server, resulting in the capture of patient billing and health-related information entered via online patient web forms. More than 9,200 patients who had submitted payments between January 14 – December 20, 2016, were affected.

Only a few months after disclosing that 2016 breach, FastHealth was successfully attacked again, it seems.

According to a notification letter from FastHealth, in mid-August 2017, an unauthorized party gained access to their web server and obtained patient data.  FastHealth first learned of the problem on November 2, when they were contacted by law enforcement, and their investigation, conducted by an external firm, was completed on January 26, 2018.

FastHealth’s notification tells patients that they have no evidence of any misuse of the patients’ information, but the fact that law enforcement alerted them to the breach likely does not bode well in that regard. FastHealth arranged to provide services through Kroll for those affected.



About the author: Dissent