Cape Coral Breeze reports:
Lee County Emergency Medical Services reports that on Aug. 4 staff received notification of a customer data breach related to a previous third-party vendor responsible for ambulance billing services.
Lee County EMS conducted business with a company called Intermedix Corporation for nearly 15 years, ending its vendor contract in September 2014. Intermedix hired a law firm called Smith, Gambrell & Russell (SGR); the firm was in possession of the data when the breach occurred.
Read more at Cape Coral Breeze.
Lee County’s notice, posted on their website on August 11, reads:
Lee County Emergency Medical Services notifies past customers of third-party security breach
Fort Myers, FL, Aug. 11, 2022 – Lee County Emergency Medical Services reports that on Aug.4 staff received notification of a customer data breach related to a previous third-party vendor responsible for ambulance billing services.
Lee County EMS conducted business with a company called Intermedix Corporation for nearly 15 years, ending its vendor contract in September 2014. Intermedix hired a law firm called Smith, Gambrell & Russell (SGR); the firm was in possession of the data when the breach occurred.
Of all the records the firm handled, less than 2% of the total may have been compromised. At this time, there is no indication that any of the information was misused and the notice is being provided out of an abundance of caution, according to SGR.
The county immediately worked with Intermedix and SGR to assist their efforts to notify those who are potentially impacted, as required by federal law. Impacted individuals should receive a letter in the mail within the next 14 to 21 days.
The county is sharing this with media for transparency and to assist Lee County residents who may be receiving notification in the mail.
Lee County’s EMS website has been updated to include information about the types of protected health information involved, steps that individuals should take to protect themselves, a description of the SGR/Intermedix security breach and contact information for those with questions. The website URL is
www.leegov.com/publicsafety/emergencymedicalservices. People can also call 800-939-4170.
DataBreaches does not see any information on the county’s website at this time with the types of protected health information involved, but if it was an ambulance billing services that had stored data, it would likely at least include name, address, date of service, and health insurance information — insurance information that may be out of date after 8 years.
For its part, Smith, Gambrell & Russell posted a notification on their site that indicates that they provide services for for the Government Employees Insurance Companies. According to their incident disclosure, they first discovered a breach of their IT system and exfiltration of some files on August 9, 2021. They do not indicate when the attack actually occurred. They are offering those affected some mitigation services through IDX and write:
Contact 1-833-423-2985 Monday through Friday, from 9 am – 9 pm Eastern Time to determine whether you were impacted and can enroll in these services.