If you used a city of Los Angeles fire Dept. ambulance, some of your private information could be at risk. Twenty-six people received letters from the L.A. City Fire Dept. informing them their names, Social Security numbers, dates of birth and other information were accessed from the company that handles the department's billing. As many as 900 other people could be affected.
"Our customers turn to us in a time of need when we treated them and transported them, and their expectation is that we protect this private information," said LAFD Assistant Fire Chief Daren Palacios.
The data were taken from ADPI (Advanced Data Processing Inc.), a Florida company. Officials say the stolen information was used to file fraudulent income tax returns.
In addition to Los Angeles there was also theft of ambulance data from the Corona Fire Dept., Berkeley and El Centro.
"They're basically auditing everything that this employee looked at. So that number could potentially go up," said Palacios.
The company issued a statement Thursday: "The employee was immediately terminated ... The company is working closely with federal and local law enforcement agencies who are conducting a criminal investigation ... As a result of this incident, the company is reinforcing to employees the importance of the security and confidentiality of sensitive personal data."
Officials say by using an outside company for billing, that company, not LAFD, is liable for any violation of the HIPAA laws that protect patient information.
"That was one of the benefits of it, is that we expect them, that's their job is to make sure that the encrypted information is not given out," said Palacios.
L.A. City Fire has a six-year contract with Advanced Data Processing. Fire officials say the department and the City Attorney's office are reviewing that contract to see if there should be any changes.
