Grady Health System said Friday that hundreds of Grady EMS ambulance service patients are being notified that their personal information may have been stolen.
An investigation by Advanced Data Processing Inc. (ADPI), which handles billing for Grady EMS, has found that an employee illegally accessed the firm’s ambulance billing system and stole personal information of thousands of ambulance patients nationwide, including Grady patients.
The ADPI investigation concluded that the records of about 900 Grady EMS patients were illegally breached and that personal information was copied.
The probe indicates the data breach started Jan. 15, 2012, and ended Oct. 12. ADPI has terminated the employee allegedly involved, and law enforcement is investigating further to determine whether any Grady EMS patient information was used illegally.
The Fort Lauderdale-based company said in a statement that some patient information was disclosed to a theft ring suspected of filing fraudulent federal tax returns with the IRS.
The company probe revealed unauthorized access and, in certain cases, disclosure of personal information, which may include names, Social Security numbers and dates of birth. No actual medical information was accessed or disclosed, ADPI said.
Grady issued a statement Friday that said the health system “is committed to protecting the confidential information of our patients and is working closely with ADPI to prevent future breaches.’’
The Grady statement also said ADPI will provide all the individuals affected with a year of free credit monitoring to ensure that their personal information is not used improperly.
“The health system is also in touch with those patients and will assist them as needed with any consequences resulting from this unfortunate incident,” the Grady statement said.