Ivinson Memorial Hospital Affected by FastHealth Security Breach

A data breach experienced by FastHealth, a vendor of website services, has impacted more than 500 patients of Ivinson Memorial Hospital in Laramie, WY.

Access was gained to a web server used by FastHealth and the attackers altered code on the website to capture billing and health information submitted by patients in online forms.

The breach does not affect all patients, only those that used the online bill-pay platform or completed new patient intake forms between January 14, 2016 and December 20, 2016. The security breach was discovered by FastHealth on December 21, 2016 and a third-party security firm was contracted to conduct an investigation. Forensic investigations can take some time to conduct, although it is unclear why it took almost 5 months for FastHealth to notify organizations about the breach.

The Laramie Boomerang reports that Ivinson Memorial Hospital was informed about the security breach on May 15, 2017. Patients are just being notified of the breach as it took time for Ivinson Memorial Hospital to verify the information sent by FastHealth. Ivinson Memorial Hospital says it wanted to make sure that the information it received about the breach was correct before making an announcement and notifying its patients.

The breach has prompted Ivinson Memorial Hospital to look for a new website vendor and will be terminating the contract with FastHealth as soon as possible.

The Fast Health data breach does not only impact individuals from Ivinson Memorial Hospital. Fast Health provides website services to many healthcare organizations with more than 100 hospitals across the United States understood to have been affected by the security breach, according to the Laramie Boomerang.

Heart of the Rockies Regional Medical Center in Salida, CO was also impacted by the breach and was recently notified by FastHealth. Its patients have been informed that their names, dates of birth, email addresses, billing addresses, phone numbers, account numbers, payment card numbers, expiration dates and CVV security codes were compromised as a result of the breach.   Heart of the Rockies Regional Medical Center has now found an alternate vendor to provide its online payment and registration platform.

The breach report submitted to the Department of Health and Human Services’ Office for Civil Rights indicates 9,289 individuals were impacted by the security breach at FastHealth.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.