Fundamental Administrative Services Data Breach Affects over 56k People

Between October 27, 2024 and January 13, 2025, Fundamental Administrative Services, LLC (FAS), a major healthcare management and administrative support company, experienced a data breach that affected the personal information of at least 56,325 individuals in the United States. The breach impacted individuals associated with dozens of healthcare facilities managed by FAS across several states.

On or about January 20, 2025, Fundamental discovered suspicious activity on its internal network. An investigation revealed an unauthorized actor gained access to FAS’s computer network and copied certain files and folders used by the company’s covered entities.

The data breach exposed both personally identifiable information (PII) and protected health information (PHI). Compromised information included names, dates of birth, Social Security numbers, driver’s license or state identification numbers, financial account information, medical treatment information, health insurance policy numbers, and Medicare/Medicaid plan names.

The breach is considered significant due to the sensitive nature of the data involved and the method by which the attacker was able to copy files over an extended period of time. Fundamental Administrative Services disclosed the data breach to the U.S. Department of Health and Human Services March 21, 2025 and updated the number of individuals impacted to over 56, 000 on Aug. 20, 2025.

FAS published a Notice of Data Event on it's website to alert individuals and notified affected individuals by mail. The cybersecurity incident was reported to several Attorney Generals' offices, including Massachusetts, Texas, and Vermont, beginning on Aug. 15, 2025. Impacted patients include 13,302 Texas residents and 16 in Massachusetts.

Fundamental Administrative Services' response

To support those affected, FAS has provided guidance on how individuals can protect themselves from potential identity theft and fraud. The company encourages affected individuals to:

• Remain vigilant by reviewing account statements and monitoring their free credit reports for suspicious activity.
• Consider placing a fraud alert or credit freeze with the major credit bureaus (Equifax, Experian, and TransUnion).
• Take advantage of free resources and information on identity theft provided by the Federal Trade Commission and state Attorney General offices.

If you believe you may be affected or have questions, you can contact FAS directly at dataprivacy@fundltc.com. The full text of the consumer notice, including detailed steps for protecting your personal information, will be available at the bottom of this article in PDF format.

Which Vendors are Impacted?

The notice provides a list of downstream vendors that have been affected:

• Alamo Heights Health and Rehabilitation Center
• Allegany Health Nursing and Rehabilitation
• BellTower Health & Rehabilitation Center
• Bennettsville Health & Rehabilitation Center
• Berlin Nursing and Rehabilitation Center
• Bremond Nursing and Rehabilitation Center
• Bridgecrest Rehabilitation Suites
• Brownfield Rehabilitation and Care Center
• Calhoun Convalescent Center
• Canton Oaks
• Casa Arena Blanca Nursing Center
• Casa Maria Health Care Center and Pecos Valley Rehabilitation Suites
• Cedar Pointe Health and Wellness Suites
• Central Desert Behavioral Health Hospital
• College Park Rehabilitation Center
• Corinth Rehabilitation Suites on the Parkway
• Courtyards at Pasadena
• Creekside Terrace Rehabilitation
• Crimson Heights Health & Wellness ALF
• Crimson Heights Health and Wellness
• Crosbyton Nursing and Rehabilitation Center
• Devlin Manor Nursing and Rehabilitation Center
• Edgewood Rehabilitation and Care Center
• Fairfield Nursing and Rehabilitation Center
• Falcon Ridge Rehabilitation
• Forest Haven Nursing and Rehabilitation Center
• Founders Plaza Nursing & Rehab
• Fruitvale Healthcare Center
• Green Valley Health and Wellness Suites
• Hallmark Healthcare Center
• Harmon Hospital
• Hearthstone of Northern Nevada
• Hillside Heights Rehabilitation Suites
• Horizon Health & Rehab Center
• Horizon Specialty Hospital of Henderson
• Horizon Specialty Hospital of Las Vegas
• Julia Manor Nursing and Rehabilitation Center
• Kirkland Court Health and Rehabilitation Center
• Lake Emory Post Acute Care
• Lancaster Health and Rehabilitation
• Las Brisas Rehabilitation and Wellness Suites
• Las Ventanas de Socorro
• Los Arcos del Norte Care Center
• Magnolia Manor of Greenville
• Magnolia Manor of Greenwood
• Magnolia Manor of Inman
• Magnolia Manor of Rock Hill
• Magnolia Manor of Spartanburg
• Meadowbrook Care Center
• Midlands Behavioral Health Hospital
• Midlands Health & Rehabilitation Center
• Mira Vista Court
• Monarch Pavilion Rehabilitation Suites
• Moran Nursing and Rehabilitation Center
• North Las Vegas Care Center
• Northampton Manor Nursing and Rehabilitation Center
• Oakbrook Health and Rehabilitation Center
• Oakland Nursing and Rehabilitation Center
• Physical Rehabilitation and Wellness Center of Spartanburg
• Rehab Center of Cheraw
• Restore Health Rehabilitation Center
• Retama Manor Nursing Center/Victoria South
• Riverside Health and Rehab
• San Gabriel Rehabilitation and Care Center
• Sandy Lake Rehabilitation and Care Center
• Sedona Trace Health and Wellness
• Sierra Ridge Health and Wellness Suites
• Solidago Health and Rehabilitation
• Southpointe Healthcare and Rehabilitation
• Spanish Hills Wellness Suites
• Spanish Trails Rehabilitation Suites
• St. George Healthcare Center
• Sterling Oaks Rehabilitation
• Sunset Villa Care Center
• Terra Bella Health and Wellness Suites
• The Brazos of Waco
• The Casitas at Las Brisas ALF
• The Hillcrest of North Dallas
• The Pavilion at Creekwood
• The Pavilion at Glacier Valley
• The Terrace at Denison
• The Village at Richardson
• Valley Falls Terrace
• Villa Haven Health and Rehabilitation Center
• Villa Rosa Nursing and Rehabilitation
• Willow Springs Health & Rehabilitation Center
• Woodlands Place Rehabilitation Suites