DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Advanced Data Processing employee accessed and disclosed ambulance patients’ info to others for tax refund fraud scheme

Posted on November 29, 2012 by Dissent

Advanced Data Processing, a subsidiary of Intermedix Corp. that does business as ADPI,  handles billing for a number of ambulance services throughout the U.S.

The Florida-headquartered firm  notified the California Attorney General’s Office this week that on October 1, they discovered a rogue employee had been accessing and disclosing patient information to others who used the information to file fraudulent tax returns to obtain refunds.  According to their notification letter and a statement sent to PHIprivacy.net by  spokesperson Lisa MacKenzie, the breach occurred on June 15, when the employee first improperly accessed patient data.

According to their statement to this site, ADPI was alerted to the breach by authorities, who informed them that an employee might be improperly accessing and improperly releasing confidential personal information. MacKenzie tells PHIprivacy.net, “The employee was suspected of being connected to a tax fraud scheme that has far reaching implications beyond the improper access at ADPI.”

While ADPI would not disclose how many patients were affected, how many more might possibly have had their data accessed, nor how many of their clients were affected, MacKenzie informs this blog that 17 states have been notified of this breach including Arizona, California, Florida, Georgia, Kansas,Kentucky, Massachusetts, Maryland, Missouri, North Carolina, Nebraska, Nevada, New Mexico, Ohio, Oklahoma, Tennessee and Texas. HHS was notified of the breach yesterday.

The employee has been apprehended, but has not been publicly named yet, and it’s not known to this blogger whether the employee has been charged criminally at this time.

Although no medical information was accessed, patient information included names, dates of birth, Social Security numbers and record identifiers.

Free credit monitoring services were offered only to those patients whom ADPI could confirm had their details accessed by this employee. Other patients whose data may have been accessed were notified and advised to be vigilant.

The Los Angeles Fire Department was one of the clients affected, as the Los Angeles Times reports.

(This post originally appeared on PHIprivacy.net)

Update: According to a second article in the L.A. Times, the employee has not been charged at this time.   I also learned that this incident is part of the vast ID theft/fraud ring investigated for the past two years and referred to as “Operation Rainmaker” by law enforcement officials.

Note:  Most, if not all, updates on this incident will be posted to PHIprivacy.net.

Related posts:

  • Forbes Breach Email Statistics
  • The Secret IRS Files: Trove of Never-Before-Seen Records Reveal How the Wealthiest Avoid Income Tax
  • TeamGhostShell posts “master list” of 548 leaks (so far)
  • A further 512 websites hacked and defaced by HaX.R00T
Category: Breach IncidentsBusiness SectorID TheftInsiderOf NoteU.S.

Post navigation

← Rogue Advanced Data Processing employee accessed and disclosed patient info to others for tax refund fraud scheme (update2)
NZ: MidCentral District Health Board's privacy breaches cause for serious concern →

3 thoughts on “Advanced Data Processing employee accessed and disclosed ambulance patients’ info to others for tax refund fraud scheme”

  1. Helen Lawson says:
    November 30, 2012 at 11:16 am

    And one day later… we hear of a Tampa hospital maintenance worker who is able to obtain two pages of patient names & Social Security numbers, and successfully net $550,000 in fraudulent tax refunds.

    1. admin says:
      November 30, 2012 at 12:44 pm

      This is a HUGE problem in Florida. And I’ve been mulling over what we know already and what might need to be done. Right now, they’re using patient data for tax refund fraud, which is bad enough. What if they also start selling patient info cheap to those who have no health insurance? The consequences could be horrific.

  2. Anonymous says:
    December 4, 2012 at 7:35 am

    I worked for ADPI/Intermedix in Miami and I can tell you that any employee can access patient data, because there is so much work and employees are handling different counties/cities throughout the US , monitoring by manager is not done. Any employee can write down any patient info i.e. date of birth, social security numbers,and in some case credit card information and no one will know. Even had a employee who ordered breakfast with an patient credit card.
    “Do The Right Thing ” is their motto, but if you Do The Right Thing and tell Human Resources what you know or suspectr YOU WILL BE FIRED!!!!!!!

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit
  • British national “IntelBroker” charged with causing $25 million in damages; U.S. seeks his extradition from France
  • France issues press statement about arrest of ShinyHunters members
  • Patients Allege Home Delivery Pharmacy Failed to Timely Notify Them of Data Breach
  • Hackers breach Norwegian dam, open valve at full capacity

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Nestle USA Settles Suit Over Job-Application Medical Questions
  • NY Attorney General James Affirms Hospitals Must Provide Access to Emergency Abortion Care
  • How Internet of Things devices affect your privacy – even when they’re not yours
  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule
  • The Markup caught 4 more states sharing personal health data with Big Tech

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.