DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Advanced Data Processing employee accessed and disclosed ambulance patients’ info to others for tax refund fraud scheme

Posted on November 29, 2012 by Dissent

Advanced Data Processing, a subsidiary of Intermedix Corp. that does business as ADPI,  handles billing for a number of ambulance services throughout the U.S.

The Florida-headquartered firm  notified the California Attorney General’s Office this week that on October 1, they discovered a rogue employee had been accessing and disclosing patient information to others who used the information to file fraudulent tax returns to obtain refunds.  According to their notification letter and a statement sent to PHIprivacy.net by  spokesperson Lisa MacKenzie, the breach occurred on June 15, when the employee first improperly accessed patient data.

According to their statement to this site, ADPI was alerted to the breach by authorities, who informed them that an employee might be improperly accessing and improperly releasing confidential personal information. MacKenzie tells PHIprivacy.net, “The employee was suspected of being connected to a tax fraud scheme that has far reaching implications beyond the improper access at ADPI.”

While ADPI would not disclose how many patients were affected, how many more might possibly have had their data accessed, nor how many of their clients were affected, MacKenzie informs this blog that 17 states have been notified of this breach including Arizona, California, Florida, Georgia, Kansas,Kentucky, Massachusetts, Maryland, Missouri, North Carolina, Nebraska, Nevada, New Mexico, Ohio, Oklahoma, Tennessee and Texas. HHS was notified of the breach yesterday.

The employee has been apprehended, but has not been publicly named yet, and it’s not known to this blogger whether the employee has been charged criminally at this time.

Although no medical information was accessed, patient information included names, dates of birth, Social Security numbers and record identifiers.

Free credit monitoring services were offered only to those patients whom ADPI could confirm had their details accessed by this employee. Other patients whose data may have been accessed were notified and advised to be vigilant.

The Los Angeles Fire Department was one of the clients affected, as the Los Angeles Times reports.

(This post originally appeared on PHIprivacy.net)

Update: According to a second article in the L.A. Times, the employee has not been charged at this time.   I also learned that this incident is part of the vast ID theft/fraud ring investigated for the past two years and referred to as “Operation Rainmaker” by law enforcement officials.

Note:  Most, if not all, updates on this incident will be posted to PHIprivacy.net.

Category: Breach IncidentsBusiness SectorID TheftInsiderOf NoteU.S.

Post navigation

← Rogue Advanced Data Processing employee accessed and disclosed patient info to others for tax refund fraud scheme (update2)
NZ: MidCentral District Health Board's privacy breaches cause for serious concern →

3 thoughts on “Advanced Data Processing employee accessed and disclosed ambulance patients’ info to others for tax refund fraud scheme”

  1. Helen Lawson says:
    November 30, 2012 at 11:16 am

    And one day later… we hear of a Tampa hospital maintenance worker who is able to obtain two pages of patient names & Social Security numbers, and successfully net $550,000 in fraudulent tax refunds.

    1. admin says:
      November 30, 2012 at 12:44 pm

      This is a HUGE problem in Florida. And I’ve been mulling over what we know already and what might need to be done. Right now, they’re using patient data for tax refund fraud, which is bad enough. What if they also start selling patient info cheap to those who have no health insurance? The consequences could be horrific.

  2. Anonymous says:
    December 4, 2012 at 7:35 am

    I worked for ADPI/Intermedix in Miami and I can tell you that any employee can access patient data, because there is so much work and employees are handling different counties/cities throughout the US , monitoring by manager is not done. Any employee can write down any patient info i.e. date of birth, social security numbers,and in some case credit card information and no one will know. Even had a employee who ordered breakfast with an patient credit card.
    “Do The Right Thing ” is their motto, but if you Do The Right Thing and tell Human Resources what you know or suspectr YOU WILL BE FIRED!!!!!!!

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon
  • US govt login portal could be one cyberattack away from collapse, say auditors
  • Two Men Sentenced to Prison for Aggravated Identity Theft and Computer Hacking Crimes
  • 100,000 UK taxpayer accounts hit in £47m phishing attack on HMRC
  • CISA Alert: Updated Guidance on Play Ransomware
  • Almost one year later, U.S. Dermatology Partners is still not being very transparent about their 2024 breach

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant
  • US State Dept. says silence or anonymity on social media is suspicious

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.