For Immediate ReleasePress Contact: Debra Pryor, City of Berkeley Fire Chief, (510) 981-5500
NOTIFICATION: AMBULANCE DATA THEFT
Berkeley, California (Friday, November 30, 2012) - Advanced Data Processing, Inc. (ADPI), the ambulance billing vendor for the City of Berkeley, has notified the City that the personal information of some of the City’s ambulance customers was inappropriately accessed by an ADPI employee in conjunction with a scheme to commit identity theft.
ADPI first learned on October 1, 2012 that patient account information from the ambulance billing system had been illegally accessed by an ADPI employee. Some of the stolen data was disclosed to a theft ring suspected of filing fraudulent federal tax returns with the IRS. ADPI is working closely with Federal and local law enforcement agencies who are conducting the criminal investigation. ADPI terminated the employee’s employment and access to its system.
ADPI has also conducted its own investigation of the incident. As a result of this investigation, on October 15, ADPI notified the City that the personal information of 168 City of Berkeley ambulance customers had been inappropriately accessed. On November 21, 2012, after completing further forensic analysis, ADPI notified the City that the employee may have accessed an additional 763 customer records. The unauthorized access to and, in certain instances disclosure of, personal information, may have included patient names, social security numbers, and dates of birth. ADPI has determined that no medical information was accessed or disclosed.
In compliance with HIPAA regulations, the City and ADPI provided joint notification of the breach of information to all of the potentially impacted customers through a letter from ADPI. The letter to the initial 168 customers was mailed November 15, 2012 and a letter to the additional 763 customers was mailed yesterday. The letter advises potentially impacted individuals how to monitor their credit report for suspected misuse. Individuals who believe they may be affected by this incident are advised to review credit card account statements and monitor their credit report for unauthorized activity. Information and resources are available at www.myidcare.com/intersecurity. The letter also informs impacted City of Berkeley customers that ADPI will pay for one year of credit monitoring service to detect any fraudulent use of personal information, along with information on how to access this service.
ADPI has a rigorous compliance program that includes new employee and annual training, background checks on new hires, and privacy and security measures designed to meet the standard of the HIPAA and HITECH Acts. As a result of this incident, ADPI is reinforcing to employees the importance of the security and confidentiality of sensitive personal data.
If customers have any questions, they should call the City’s customer service line at 311 (or 510-981-CITY for callers outside the City); the City’s customer service representatives have been provided information about this situation and can respond to questions. Additionally, ADPI has retained ID Experts to provide information to aid affected customers. Customers seeking further information can call 1-877-264-9622 Monday through Friday from 9 am - 9 pm Eastern Time or visit www.myidcare.com/intersecurity.
This press release is in accordance with the Health Information Technology for Economic and Clinical Health (HITECH) Act.