Fundamental Administrative Services Data Breach: See Who's Affected

Between October 27, 2024 and January 13, 2025, Fundamental Administrative Services, LLC (FAS), a major healthcare management and administrative support company, experienced a data breach that affected the personal information of 500 individuals in the United States. According to a notice submitted to the U.S. Department of Health and Human Services on March 21, 2025, an unauthorized actor gained access to FAS’s computer network and copied certain files and folders used by the company’s covered entities. The breach was discovered after FAS detected suspicious activity on its network, prompting an immediate investigation and system lockdown.

The investigation revealed that the compromised files may have included a broad range of sensitive information. Exposed personally identifiable information (PII) included names, Social Security numbers, driver’s license or state identification numbers, financial account information, and dates of birth. Protected health information (PHI) potentially exposed included medical treatment information, health insurance policy numbers, and Medicare/Medicaid plan names. The breach impacted individuals associated with dozens of healthcare facilities managed by FAS across several states.

The breach is considered significant due to the sensitive nature of the data involved and the method by which the attacker was able to copy files over an extended period of time. The full details of who was responsible for the breach have not been disclosed, and the investigation into the scope of the incident is ongoing. For more details, you can view the official breach disclosure on the U.S. Department of Health and Human Services breach portal and review the notice posted by Fundamental Administrative Services.

Fundamental Administrative Services' response

To support those affected, FAS has provided guidance on how individuals can protect themselves from potential identity theft and fraud. The company encourages affected individuals to:

• Remain vigilant by reviewing account statements and monitoring their free credit reports for suspicious activity.
• Consider placing a fraud alert or credit freeze with the major credit bureaus (Equifax, Experian, and TransUnion).
• Take advantage of free resources and information on identity theft provided by the Federal Trade Commission and state Attorney General offices.

If you believe you may be affected or have questions, you can contact FAS directly at dataprivacy@fundltc.com. The full text of the consumer notice, including detailed steps for protecting your personal information, will be available at the bottom of this article in PDF format.

Which Vendors are Impacted?

The notice provides a list of downstream vendors that have been affected:

• Alamo Heights Health and Rehabilitation Center
• Allegany Health Nursing and Rehabilitation
• BellTower Health & Rehabilitation Center
• Bennettsville Health & Rehabilitation Center
• Berlin Nursing and Rehabilitation Center
• Bremond Nursing and Rehabilitation Center
• Bridgecrest Rehabilitation Suites
• Brownfield Rehabilitation and Care Center
• Calhoun Convalescent Center
• Canton Oaks
• Casa Arena Blanca Nursing Center
• Casa Maria Health Care Center and Pecos Valley Rehabilitation Suites
• Cedar Pointe Health and Wellness Suites
• Central Desert Behavioral Health Hospital
• College Park Rehabilitation Center
• Corinth Rehabilitation Suites on the Parkway
• Courtyards at Pasadena
• Creekside Terrace Rehabilitation
• Crimson Heights Health & Wellness ALF
• Crimson Heights Health and Wellness
• Crosbyton Nursing and Rehabilitation Center
• Devlin Manor Nursing and Rehabilitation Center
• Edgewood Rehabilitation and Care Center
• Fairfield Nursing and Rehabilitation Center
• Falcon Ridge Rehabilitation
• Forest Haven Nursing and Rehabilitation Center
• Founders Plaza Nursing & Rehab
• Fruitvale Healthcare Center
• Green Valley Health and Wellness Suites
• Hallmark Healthcare Center
• Harmon Hospital
• Hearthstone of Northern Nevada
• Hillside Heights Rehabilitation Suites
• Horizon Health & Rehab Center
• Horizon Specialty Hospital of Henderson
• Horizon Specialty Hospital of Las Vegas
• Julia Manor Nursing and Rehabilitation Center
• Kirkland Court Health and Rehabilitation Center
• Lake Emory Post Acute Care
• Lancaster Health and Rehabilitation
• Las Brisas Rehabilitation and Wellness Suites
• Las Ventanas de Socorro
• Los Arcos del Norte Care Center
• Magnolia Manor of Greenville
• Magnolia Manor of Greenwood
• Magnolia Manor of Inman
• Magnolia Manor of Rock Hill
• Magnolia Manor of Spartanburg
• Meadowbrook Care Center
• Midlands Behavioral Health Hospital
• Midlands Health & Rehabilitation Center
• Mira Vista Court
• Monarch Pavilion Rehabilitation Suites
• Moran Nursing and Rehabilitation Center
• North Las Vegas Care Center
• Northampton Manor Nursing and Rehabilitation Center
• Oakbrook Health and Rehabilitation Center
• Oakland Nursing and Rehabilitation Center
• Physical Rehabilitation and Wellness Center of Spartanburg
• Rehab Center of Cheraw
• Restore Health Rehabilitation Center
• Retama Manor Nursing Center/Victoria South
• Riverside Health and Rehab
• San Gabriel Rehabilitation and Care Center
• Sandy Lake Rehabilitation and Care Center
• Sedona Trace Health and Wellness
• Sierra Ridge Health and Wellness Suites
• Solidago Health and Rehabilitation
• Southpointe Healthcare and Rehabilitation
• Spanish Hills Wellness Suites
• Spanish Trails Rehabilitation Suites
• St. George Healthcare Center
• Sterling Oaks Rehabilitation
• Sunset Villa Care Center
• Terra Bella Health and Wellness Suites
• The Brazos of Waco
• The Casitas at Las Brisas ALF
• The Hillcrest of North Dallas
• The Pavilion at Creekwood
• The Pavilion at Glacier Valley
• The Terrace at Denison
• The Village at Richardson
• Valley Falls Terrace
• Villa Haven Health and Rehabilitation Center
• Villa Rosa Nursing and Rehabilitation
• Willow Springs Health & Rehabilitation Center
• Woodlands Place Rehabilitation Suites