Cyber Incident Victim: Fast Health

Date: Aug 2017

Location: United States of America

Summary

A healthcare services provider experienced multiple security breaches involving unauthorized third-party access to their web servers, compromising patient billing and health-related information submitted through online forms. The initial incident occurred over an extended period, affecting over 9,200 individuals, while a subsequent intrusion months later resulted in further data exposure detected through law enforcement notification. An external investigation confirmed the compromise but found no evidence of information misuse. The entity offered identity protection services to impacted individuals.

Description

In mid-August 2017, an unauthorized party gained access to FastHealth's web server and obtained patient data, marking the second security incident involving the healthcare vendor within approximately a year. The Tuscaloosa-based company, which provided website tools and online bill payment services to healthcare facilities, had previously experienced a breach between January and December 2016 when attackers altered server code to capture patient billing and health information submitted through web forms, affecting over 9,200 patients. FastHealth first became aware of the 2017 intrusion on November 2 when contacted by law enforcement authorities, indicating external discovery of the breach. The company engaged an external firm to investigate the incident, with the investigation concluding on January 26, 2018. This timeline reveals a three-month gap between the August intrusion and its detection via third-party notification, followed by nearly three months of forensic examination to determine the breach's scope and nature.

FastHealth notified affected patients about the 2017 breach in February 2018, disclosing that attackers had compromised their web server and accessed patient data but stating they had no evidence of information misuse. The notification acknowledged that law enforcement's involvement in alerting them to the breach potentially indicated serious concerns about data exploitation. In response, FastHealth arranged identity protection services through Kroll for impacted individuals. The incident exposed vulnerabilities in FastHealth's web infrastructure, coming just months after their disclosure of the 2016 breach that had similarly exploited online patient forms. Both incidents compromised sensitive billing and health information submitted through the company's payment systems, though the exact number of patients affected in the 2017 breach remains unspecified in available disclosures.
