Billing information for at least 750 patients who used Philadelphia ambulances in 2012 was stolen by an employee of the company that handles such data, the Fire Department said Friday.
The company, Intermedix, was first made aware of the data breach, which affected agencies in several states, in 2012, the department said. The thefts were part of a scheme to use the patients' information to file fraudulent tax returns, and the employee is now in jail.
In 2012, Philadelphia officials were assured that the breach did not affect them, the department said.
But in February, police in Opa-locka, Fla., arrested a person in possession of a sheet of paper with names, dates of birth, Social Security numbers, and other billing information for some Philadelphia ambulance patients. The department would later identify about 750 patients whose information was stolen in the data breach. All had used ambulances on April 1 and 2, 2012.
It was unclear whether anyone else's information had been stolen, the department said, but patients who used ambulances in the city between Feb. 1 and Sept. 4, 2012, could be at risk.
No medical information was disclosed in the data breach, the department said.
The department has sent letters to those affected, they said. Those patients can receive free credit monitoring and fraud resolution services, the department said, and it encouraged patients to call the IRS to determine whether a fraudulent tax return had been filed in their name.
The Fire Department has also set up a website for concerned patients: www.myidcare.com/intersecurity