Grady issues correction to claim that ADPI breach went on for nine months
In response to inquiries initiated by this blog after noting a discrepancy between Grady’s statement and ADPI’s statement concerning the timeframe of the breach, Grady has just issued the following correction:
Billing contractor data breach includes Grady EMS patient information
Some Grady EMS ambulance service patients are being notified that selected personal information may have been stolen by a former employee of Advanced Data Processing, Inc. (ADPI), the company that handles billing for Grady EMS. An ADPI investigation shows that one if its employees illegally accessed the company’s ambulance billing system and stole personal information of thousands of ambulance service patients nationwide, including Grady EMS patients. ADPI, working with law enforcement, identified the source of the information breach and immediately terminated that employee.
The ADPI investigation found that the records of approximately 900 Grady EMS patients were illegally breached and that personal information was copied. The probe shows the data breach started June 15, 2012 and ended October 12, 2012 and law enforcement is currently working to determine if any of the Grady EMS patient information may have been used illegally.
Grady Health System is committed to protecting the confidential information of our patients and is working closely with ADPI to prevent future breaches. To protect Grady patients, ADPI will provide all the individuals affected with a year of free credit monitoring to ensure that their personal information is not used improperly. The health system is also in touch with those patients and will assist them as needed with any consequences resulting from this unfortunate incident.
For more information regarding the ADPI data breach, please contact Lisa MacKenzie, MacKenzie Marketing Group, 503-705-3508, [email protected].
The original media release, dated November 30, 2012, incorrectly stated that the data breach began January 15, 2012. This release has been updated to correct the start date of the breach which was June 15, 2012.