Skip to content

Medical Billing Company Says Employee Leaked Data to Identity Theft Ring

11/30/2012 -

A provider of technology-based services to the emergency medical services industry says an employee leaked information from its databases to identity thieves. 

Florida-basedAdvanced Data Processing, Inc. says an employee illegally accessed the ambulance billing system and leaked individual account information to a theft ring suspected of filing fraudulent tax returns. The breach was discovered October 1st by the IRS, according to a spokesperson for the company. The employee was fired after admitting to the crime.

Large breaches of private informationhave become a regular occurrence, but in most cases it’s not immediately evident where the information went or if the information has been used maliciously.

Through spokeswoman Lisa MacKenzie, the company said it would not be disclosing the number of employees affected or the name of the employee. The company has not said if the breach affects both patients and company staff, but that affectedindividuals have been notified by mail.

If more than 500 individuals are affected, companies are required to notify all major media outlets in their state, as well as the government, and a notice is put on the Department of Health and Human Services Web site, in accordance with theHealth Information Technology for Economic and Clinical Health (HITECH) Act.

The company distributed 17 notifications to various jurisdictions throughout United States including North Palm Beach, Florida, the City of Los Angeles and Carlsbad Fire Department in California, and Cape Fear Valley Hospital Health System in North Carolina.

For breaches that affect fewer than 500 people, organizations aren’t required to do all the public notifications, but instead keep a log that is turned in to the Secretary of Health and Human Services annually.

An investigation by Advanced Data Processing found unauthorized access to data and disclosure of personal information, “which may include name, social security number, and date of birth.” No medical information was accessed or disclosed, the company said. Federal and local law enforcement are investigating the breach.

IRS spokesperson in Florida Michael Dobzinski says the IRS “can’t confirm or deny any ongoing investigations” or disclose whether it alerted Advanced Data Processing of the breach.

photo byattercop311/flickr