Cyber Incident Victim: Lee County Emergency Medical Services

Lee County Emergency Medical Services (EMS) in Fort Myers, Florida, was impacted by a third-party data security breach involving Intermedix Corporation, a former ambulance billing services vendor. On August 4, 2022, Lee County EMS received notification from Intermedix regarding the breach, which occurred at Smith, Gambrell, & Russell (SGR), a law firm retained by Intermedix. The firm possessed historical Lee County EMS data at the time of the incident, despite Lee County EMS having terminated its business relationship with Intermedix in 2014 after approximately 15 years of collaboration. SGR’s investigation determined that less than 2% of the total records it handled were potentially compromised during the breach. The specific types of data exposed were not disclosed in the notice, nor were the exact dates of the unauthorized access.

Lee County EMS emphasized that there was no indication of misuse of the compromised information. The organization issued notifications to affected individuals as a precautionary measure, reiterating SGR’s assessment regarding the limited scope of the breach. No additional actions taken by Lee County EMS—such as internal investigations, system restorations, or law enforcement engagement—were detailed in the available notice. The incident highlighted risks associated with third-party data retention, as the breach occurred eight years after Lee County EMS ceased direct dealings with Intermedix. The notification did not specify whether legal, credit monitoring, or identity theft protection services were offered to impacted individuals.