Ivinson Memorial Hopsital Announces Security Breach
Ivinson Memorial Hospital has announced a security incident involving a web server belonging to a vendor that provides website services to IMH.
FastHealth, a contracted website vendor, discovered on May 15 that an unauthorized third party altered code on their web server designed to capture patient billing and health-related information as it was being entered onto online patient web forms. The vendor informed IMH of the breach on May 15.
Kendel Dockham, IMH marketing manager, said the hospital wanted to make sure all of the information provided by FastHealth was accurate before announcing the breach.
“We wanted to do our due diligence,” she said. “We went through all of the information we received and we do feel confident now that what we did end up sending out was the actual impacted list.”
Dockham said the hospital is working with FastHealth to rectify the situation and they are unaware of any inappropriate use of the information that may have been accessed on the server.
The breach did not affect all of IMH’s patients. Only those who submitted a payment through the online bill-pay platform or completed new patient intake forms online from Jan 14, 2016 to December 20, 2016. IMH is sending letters to affected patients to notify them of the breach.
Dockham said a call center has been established to answer questions about the data breach and is also offering a year of free credit monitoring and identity theft protection services through Experian.
While the hospital is working with FastHealth to address the issue, Dockham said IMH will not be working with the vendor in the future.
“My team is working diligently right now to develop a new website,” Dockham said. “We will be terminating the contract with FastHealth as soon as we are able to do so.”
Dockham said the hospital is looking at different vendors but is also considering the possibility of hosting a new website themselves, rather than through a vendor.
Dockham said 100 hospitals nationwide were affected by the security breach.