Private identity information, including Social Security numbers, may have been leaked for up to 900 Los Angeles ambulance patients as part of a multistate data breach, officials said Thursday.
Los Angeles Fire Department Chief Deputy Daren Palacios said Thursday that the confidential information of people who rode in LAFD ambulances over the last two years may have been compromised.
The information was accessed by an employee at Fort Lauderdale-based Advanced Data Processing Inc., which handles ambulance billing for the LAFD and other ambulance agencies across the country.
On Oct. 12, the LAFD sent letters to 26 Los Angeles-area patients who took ambulances informing them their names, Social Security numbers and dates of birth had been accessed by an employee at the ADPI subsidiary who "deliberately and maliciously accessed and disclosed individual account information."
The sensitive information was then used to file fraudulent federal income tax returns to obtain refunds, according to LAFD officials.
The 26 letters were sent to those whom officials know were accessed, but they say the employee had possible access to information for about 900 people.
"Our customers turned to us in a time of need, and we treated them and transported them, and their expectation is that we protect this personal information," Palacios said.
ADPI has handled the city's ambulance billing for the last two years under an outsourcing effort
Palacios added that the city isn't expected to be held liable in the investigation, which is being handled by the Internal Revenue Service and local law enforcement authorities.
ADPI spokeswoman Lisa MacKenzie said notification letters were sent by the company nationwide. The only people who would have been impacted in Los Angeles would be those who may have taken an ambulance, either an LAFD one or one operated by another company that uses the company's services.
"It's always a drag for anything like this to happen," MacKenzie said. "The company is doing everything that they can to provide information and resources for anyone who may have been affected."
She said people can call 877-264-9622 or go online to www.myidcare.com/intersecurity to find out more information.
"I don't have any numbers on the total number that were affected. Many states were involved," she said.
Stealing private medical information violates the Health Insurance Portability and Accountability Act (HIPAA).
The city's decision to contract with ADPI follows a growing pattern of the city using outsourcing to increase efficiencies and save money.
As part of the move, about 50 positions were eliminated at the LAFD.
The decision to outsource operations was criticized at the time by Pat McOsker, head of the United Firefighters of Los Angeles City.
On Thursday, he said he'd warned the City Council such a breach could occur.
"This is an unfortunate example of what happens when you privatize," McOsker said. "The city isn't able to ensure that people's information is kept private."
Palacios said he believes the City Council considered all the issues when choosing to outsource billing operations for the LAFD.
"I think the decision was made that this was the right decision, to go with the outsourcing," Palacios said.
But he added that the City Attorney's Office is re-examining its contract with ADPI.
In an email late Thursday, Deputy City Attorney William Carter said his office was examining whether any other city departments have contracts with ADPI.