At Least Four Cities Hacked by Same Criminal Conspiricy
EARLIER THIS WEEK THE LOS ANGELES Fire Department publicly disclosed that several hundreds of ambulance patients had their personal records hacked into by an employee of the firm that was contracted to handle transportation billing for the city. On Thursday Firegeezer that …. one of the agency's employees has "deliberately and maliciously" accessed patient records. The targeted data was the patients' social security numbers and birth dates which were used to file fraudulent tax returns that directed cash refunds to the criminals.
Now the Berkeley, California, Fire Department has also announced that more than 900 of their ambulance patients have had their personal information accessed and are susceptible to identity theft.
According to the San Francisco Chronicle, 13 people were arrested in the Tampa, Fla., area in connection with a crime ring in September and charged with federal tax fraud and other crimes. The defendants are suspected of using the stolen personal information to file fake tax returns in the victims’ names and collect refund checks. Authorities believe the information was stolen from Intermedix Inc., an agency in Fort Lauderdale, Fla., that collects bills from patients who are taken to hospitals by city ambulances. The Berkeley Fire Department is one of 27 agencies in 17 states whose patients may have had personal information stolen from Intermedix and its parent company, Advanced Data Processing Inc.
Berkeley has begun notifying people that information including their name, date of birth and social security number may have been stolen from an agency that collects bills for ambulance services carried out by the Berkeley Fire Department. Medical records were not accessed. (emphasis added by Firegeezer)
The criminal damage is now known to have affected at least four California fire departments. In a press release issued Thursday, Advanced Data said (in part):
Advanced Data Processing, Inc., (the "Company"), a provider of technology-based services to the emergency medical services industry, learned on October 1, 2012 that individual account information from the ambulance billing system was illegally accessed, some of which was disclosed to a theft ring suspected of filing fraudulent federal tax returns with the IRS. With the Company's help, the authorities identified the employee who admitted to the crime. The employee was immediately terminated. The theft included ambulance data from the City of Corona Fire Department, City of Los Angeles, City of Berkeley, and City of El Centro. (emphasis added by Firegeezer.)
The Company is working closely with Federal and local law enforcement agencies who are conducting a criminal investigation. The Company has also conducted its own investigation of the incident. This investigation revealed unauthorized access and, in certain instances, disclosure of personal information, which may include name, social security number, and date of birth. No medical information was accessed or disclosed. The Company sent letters by first class mail to affected individuals and has posted a notice on its website with links to information regarding the incident and resources to aid affected individuals.
With as many as 27 EMS agencies vulnerable, we are watching to see if another shoe drops in the next few days.
* * * * * * *
Also on FireGeezer…
- EMS Patient-Hacking … Part 3 – December 8, 2012