03 Dec 2012

Medical Employee Hacks Ambulance System, Leaks Data to Identity Thieves

An employee of a medical billing company illegally accessed the ambulance system and leaked individual account information to cyber-criminals, according to SecurityManagement.com.

Advanced Data Processing fired the employee who gave the billing data to a theft ring suspected of filing fraudulent tax returns. The employee admitted the crime, which was discovered at the beginning of October by the Internal Revenue Service.

The Florida-based company said it would not disclose the name of the person in charge of the breach or the number of people affected, but said they have been notified by e-mail. The company’s investigation revealed disclosure of personal information such as “name, social security number, and date of birth,” but no medical details were leaked.

The Health Information Technology for Economic and Clinical Health Act specifies companies must notify all major media outlets in their state, as well as the government, if more than 500 people are affected by a medical breach. Also, companies who are hacked should notify the Department of Health and Human Services web site.

Advanced Data Processing distributed 17 notifications to various jurisdictions in Florida, California, and North Carolina, according to SecurityManagement.com. Federal and local law enforcement are still investigating the breach.