As I had done with the Epsilon breach on DataBreaches.net, I’ve decided to devote a blog post to tracking organizations affected by the Advanced Data Processing (ADPI) breach. The San Francisco Chronicle reported that there were “27 agencies in 17 states whose patients may have had personal information stolen.” As you’ll see below, that does not appear to match what we know at this time. ADPI had informed me that the 17 states include: Arizona, California, Florida, Georgia, Kansas, Kentucky, Massachusetts, Maryland, Missouri, North Carolina, Nebraska, Nevada, New Mexico, Ohio, Oklahoma, Tennessee and Texas. At the very least, we’re missing the affected Nevada organization or agency and we may be missing other organizations within some of these states.
Use the comments section below to let me know about organizations or significant details to be added to this list. If you can, please provide links to the media sources you are relying on. We don’t need multiple media sources on each entity, so if there’s already a good media link, we don’t need more. Right now, most of the links are to substitute notices/press releases that simply name the agencies, so we’re missing a lot of details. If you have a breach notification letter that we haven’t seen already that you can scan in and share, that would be great, too.
For organizations named in the media, press releases, or notifications to states, I am providing a link to the source. Where the number affected have been reported, I’m including links to that, too. The following list is in alphabetical order:
- Berkeley Fire Department 931 affected: “On October 15, ADPI notified the City that the personal information of 168 City of Berkeley ambulance customers had been inappropriately accessed. On November 21, 2012, after completing further forensic analysis, ADPI notified the City that the employee may have accessed an additional 763 customer records. ADPI notice to CA naming Berkeley FD (CA)
- Carlsbad Fire Department (CA)
- City of Altanta EMS (NHDOJ letter; see Grady entry, but are others in Atlanta affected?) (GA)
- City of Azle (TX)
- City of Berkeley (see Berkeley FD) (CA)
- City of Blue Springs (MO)
- City of Bonham Fire Department (TX)
- City of Casselberry (FL) Media
- City of Corona Fire Department ADPI notice to CA naming Corona FD (CA)
- City of Covington Fire Department (KY) 1548
- City of El Centro (see El Centro FD) media report (CA) 1500
- City of Gloucester (see Gloucester Fire Department) NHDOJ Notice 1286 Substitute Notice
- City of Los Angeles (see LAFD) (CA)
- City of North College Hill (FL) 555 HHS
- City of McAlester (OK)
- City of Omaha (NE)
- City of Overland Park (KS) (Notification, jpg) 911
- City of Seguin Fire/EMS (TX) 800 839 HHS
- City of Valparaiso Fire Department (IN) 860 [Note: those affected by the breach were first notified in August, 2013]
- City of Victoria (TX)
- City of Yuma Fire Department (AZ) Media (FD)
- Cumberland County Hospital System dba Cape Fear Valley Hospital Health System (NC)
- El Centro Fire Department1500ADPI notice to CA naming El Centro FD (CA)
- First Response Medical Transportation Corp. (MD) (Media) 552 HHS
- Frederick County (MD) (Media)
- Gloucester Fire Department (Media correction)
- Grady Health Systems 900 (GA)
- Harris County Emergency Corps (TX)
- Los Angeles Fire Department 913: 26 definites, 900 possible Media ADPI notice to CA naming LAFD
- Okaloosa County EMS (FL) 715
- Osceola County EMS (FL) Media 949
- Sandoval County (NM)
- Sumner County EMS (TN) 745 (Media) 774 HHS
- Victoria Fire Department (TX)
- Village of North Palm Beach (FL)
- Washington County EMS (TX) 1300 1435 HHS