Laramie, Wyo.-based Ivinson Memorial Hospital will notify more than 500 patients of a security incident involving a third-party online payment service.
FastHealth, a website vendor the hospital contracted for its online bill service, discovered malicious code on its web server in January, a hospital spokeswoman told Becker's. The code was designed to capture limited patient health and financial information on an online payment platform and new patient intake forms. The code had been on the system January 2016, the spokeswoman added.
The compromised information may have included patient demographic or credit card information. There have been no reports of fraudulent activity and the hospital has removed all bill pay options from its website, which they are working diligently to recreate, according to the spokeswoman.
The FastHealth security incident affected nearly 100 hospitals nationwide — comprising 9,289 patients, according to HHS' Office for Civil Rights breach portal —the spokeswoman said. She added the hospital plans to terminate its contract with FastHealth.
More articles on health IT:
Former employee distributes PHI of 1.5k Detroit Medical Center patients
Healthcare coalition supports House appropriation's proposed HHS budget
Mayo Clinic launches nationwide Epic EHR implementation at 1st Wisconsin sites