Advanced Data Processing, Inc. (ADPI), a firm that manages billing for ambulance companies, said late Thursday that a company employee had accessed sensitive data on individuals who had received emergency response or other ambulance services and was feeding it to a fraud ring alleged to be filing fraudulent federal tax returns with the IRS.
The company said that Oct. 1, 2012, individual account information from an ambulance billing system was “illegally accessed” by a company employee. The data accessed included personal information such as names, social security numbers, and birth dates.
Working with the company on the investigation, law enforcement authorities identified the employee who admitted to the crime. The employee was terminated immediately, the company said.
To comply with the Health Information Technology for Economic and Clinical Health (HITECH) Act, at approximately 8PM on Thursday, the company issued a wave of press releases (PDF) to 17 different states, indicating that the issue was widespread.
Advanced Data Processing is the parent company to Intermedix, a Fort Lauderdale, Florida-based company that claims to be the largest independent provider of medical billing and coding services to emergency medical services agencies in the United States. The company offers outsourced billing solutions including the provision of mobile electronic patient record collection systems for its clients to capture patient information at the scene of an incident.
A company spokesperson said that the total number of records exposed is unknown.
“Intermedix was victimized by a tax fraud ring in Tampa,” the spokesperson told SecurityWeek. “Using illegally obtained records, this ring stole millions by filing false tax returns.”
Several have been arrested in this ring, including 13 in March of this year, but the investigation is still ongoing.
Tampa police detective Sal Augeri, who was instrumental in cracking the fraud ring, provided testimony (PDF) on the growing problem of tax fraud before the Senate Subcommittee on Fiscal Responsibility & Economic Growth in March 2012.
“The tax refund fraud scams mirrors the spread of crack cocaine here in Tampa,” Augeri said.
He went further and explained some of the tactics used by the criminals to execute their theft.
“Suspects obtained the names and social security numbers of deceased people from historical and genealogy web sites,” Augeri explained.
“When that information ran dry, they turned to individuals who worked in Assisted Living Facilities who would obtain necessary information on patients,” Augeri continued. “Lists of names are now being sold by those having access to personal information in businesses, medical offices and schools.”
“Tax fraud is viewed as a very lucrative crime to commit; there is relatively little risk of being caught (based on difficulty of investigations), a seemingly endless amount of available money and the crimes usually don’t involve violence,” Augeri said.
ADPI said it has has a rigorous compliance program that includes new employee and annual training, background checks on new hires, and privacy and security measures designed to meet the standard of the HIPAA and HITECH Acts.
The company also said that it is working closely with Federal and local law enforcement agencies who are conducting a criminal investigation.
Related: Researchers Release Insider Threat Security Reference Architecture
Related: Finding the Devil Inside: The Psychology of the Insider Threat
