Advanced Data Processing Inc., a Fort Lauderdale, Fla.-based company that provides medical billing and coding services to emergency medical services providers, announced it experienced a data breach involving an employee who illegally accessed individual account information, "some of which was disclosed to a theft ring suspected of filing fraudulent federal tax returns."
The company learned about the breach Oct. 1, according to a news release (PDF)
on the Intermedix website. A company profile
from Bloomberg Businessweek states that privately held Advanced Data Processing Inc. does business through four divisions: Intermedix, EPBS, Revenue Rescue and ADPI/Intermedix.
The employee, who admitted to the crime, was terminated, the company statement said. No medical information was released in the breach, according to the company, but some of the disclosed information included individuals' Social Security numbers and dates of birth.
Pam Dixon, founder of the San Diego-based World Privacy Forum, a not-for-profit privacy advocacy organization, and an expert in medical identity theft, said the breach comes as no surprise.
“We've known now for some time that third-party billing apps are an area of great concern for breaches and medical identify theft,” Dixon said.
“The next thing we can say, the way this company has made breach notifications, is really poor business practice,” Dixon said. “This is disingenuous. If someone's information has been sold to a crime ring, they need to get help and assistance almost immediately. Best practice dictates that people are told quickly and the entire truth is told.”
Officials at Intermedix could not be reached for comment Friday evening.