VALPARAISO, Ind., Aug. 27, 2013 /PRNewswire/ -- The Valparaiso Fire Department (the Ambulance Agency) received notice from Advanced Data Processing, Inc. (the Company), which handles billing for the Ambulance Agency, that certain patient records connected with the Ambulance Agency may have been improperly accessed. Accessed account information included name, date of birth, Social Security number and record identifier, but no medical information was accessed.
On July 16, 2013, the Company learned from the Internal Revenue Service that certain patient records connected with the Ambulance Agency may have been improperly accessed. By way of background, this past Fall the Company was notified by law enforcement in Tampa, Florida (on October 1, 2012) that a now-former employee of the Company illegally accessed and disclosed certain patient account information in connection with a scheme to file false federal tax returns. Based on the information available to the Company after a thorough internal and external forensic review, it appears that only patients who had ambulance transports during the period January 1 through June 21, 2012 would be potentially affected. When the Company first learned of this incident the Company had no reason to believe that any account information of the Ambulance Agency had been accessed. The employee was apprehended by authorities, immediately terminated by the Company, pleaded guilty to charges brought against her, and is now awaiting sentencing.
Based on the additional information that was recently provided to the Company by the IRS, however, the Company and the Ambulance Agency have learned that account information of some Ambulance Agency patients may have been among the information that was accessed by the former employee. Although it is not known whether any of such information was actually misused, because this cannot be ruled out, this notice is being provided out of an abundance of caution.
The Company long ago implemented a compliance program that includes initial and annual compliance training, background checks on new hires, and privacy and security measures designed to meet the standards of the HIPAA HITECH Act. To further minimize the risk of future data breaches, the Company has made its employees aware of this incident, the Company's systematic ability to catch them should they violate the trust placed in them, and the severe consequences to those who are caught. The Company has also reminded its employees of the importance of maintaining the security and confidentiality of sensitive personal data.
Individuals who believe they may be affected by this incident are advised to remain vigilant for incidents of fraud and identify theft by reviewing credit card account statements and monitoring their credit report for unauthorized activity. Free credit reports are available from any one of the national consumer reporting agencies, Equifax, Experian or TransUnion and from independent credit report providers. A number of companies also offer free credit monitoring services. Individuals should report any suspected identity theft to law enforcement, their state Attorney General, and the Federal Trade Commission (FTC). The credit bureaus and FTC can also provide information about fraud alerts and security freezes and state attorneys general and the FTC can provide you with additional information about avoiding identity theft. In some states you also have a right to obtain a police report if you are a victim of identity theft. The Company has posted information about the purpose, procedures and costs for security freezes as well as contact information for the credit bureaus, the FTC and certain state attorneys general at www.myidcare.com/intersecurity.
Patients with questions regarding this incident can also visit www.myidcare.com/intersecurity or call 1-877-264-9622 Monday through Friday, 9 a.m. to 9 p.m. Eastern, toll free.
For media inquiries regarding the breach, please contact Lisa Jardim at 954-334-6672 or firstname.lastname@example.org.
SOURCE Advanced Data Processing, Inc.