More than 500 Ivinson Memorial Hospital patients should receive notices in coming days that their billing and health information might have been compromised because of a security breach involving a hospital website vendor.
FastHealth, which provides website services to IMH, notified the hospital May 15 that an unauthorized third party had altered code on its web server. The alteration was designed to capture patient billing and health-related information as it was being entered into online patient web forms.
Patients who submitted a payment through an online bill-pay platform or completed a patient intake form between Jan. 14 and Dec. 20, 2016, were affected, according to a news release.
While the hospital was notified of the breach about two months ago, it has been working since then to verify that the information submitted by FastHealth matched IMH files, according to Deanna Allen, IMH compliance, privacy and security officer.
“Going through all of the data elements, we just wanted to be sure that we agreed with the information that we had, and we feel confident,” she said.
FastHealth has since removed the code from its web servers, and IMH has removed the bill-pay option from its website.
“We shut down anything that could cause any harm,” Allen said.
FastHealth and IMH are both unaware of any fraudulent activity stemming from the incident.
Allen said about 100 other hospitals were also affected by the security breach.
A call center has been set up to answer questions from anyone who might have been affected by the breach. They can call 844-534-0814 from 7 a.m.-7 p.m. Mondays-Fridays. People can also call the IMH compliance department at 755-4557.
Those affected by the breach will be offered a year of free credit monitoring and identity theft protection through Experian.
Kendle Dockham, IMH marketing manager, said the hospital has worked with FastHealth since at least 2014, when the most recent contract began. However, the hospital will “absolutely not” continue with the company in the future.
“My team and I are working very diligently with Medicine Bow Technologies to develop a site,” she said. “As soon as we can, we are terminating that contract.”