Company that bills for Keene Fire's ambulance service reports security breach

Ryan Spencer, The Keene Sentinel, N.H.
·2 min read

Jul. 6—The company that does ambulance billing for the Keene Fire Department recently warned thousands of people who have used the service that a security breach could have exposed their personal and financial information.

Comstar LLC, the ambulance billing company based in Rowley, Mass., on Friday mailed notification letters to those who may have been impacted by the breach, according to Keene City Attorney Tom Mullins. He said it's his understanding that about 6,500 people have been identified in connection with Keene Fire's ambulance service, although he said he didn't know how many of them live in the Keene area.

The breached systems may have contained information including people's names, date of birth, medical assessment and medical administration, health insurance information, drivers license, financial account information and Social Security number, Comstar said in a June 14 news release. The breach also affected other ambulance services that use Comstar, according to the release, which does not specify the scope of the incident. The release also does not indicate who might be responsible for the breach or whether it affected information collected over a particular time frame.

"It is important to note that the breach was not caused by any action or inaction of the City," Mullins said in an emailed response to questions from The Sentinel on Wednesday. "The City has been working with outside legal counsel provided by our insurance carrier since it was notified in order to work with Comstar on the notification process."

Comstar identified suspicious server activity around March 26, and by late April an investigation determined that certain systems on its network were subject to unauthorized access, the company's June 14 news release states. Comstar notified the city of the breach in early May, according to Mullins.

"The City did not inform anyone earlier because the City was not in control of the process, and did not know who was impacted, or how," Mullins said in an email. "The only thing that the City was informed of was that Comstar had a breach, and that users of the City's ambulance service were impacted. In addition, the notification process to impacted individuals is complex, especially in a multistate breach."

People should review account statements and credit reports and immediately report any suspicious activity to their financial institution, according to Comstar.

The company is offering a year of credit monitoring and identity-theft restoration services through Equifax to those affected by the breach, according to a frequently-asked questions document Comstar provided the city.

Anyone who has questions or believes they may be impacted by the incident should call 877-587-4280 between 9 a.m. and 9 p.m. Monday through Friday, the company said in the news release.

Comstar did not immediately return a request for comment Wednesday.

Ryan Spencer can be reached at 352-1234, extension 1412, or rspencer@keenesentinel.com. Follow him on Twitter at @rspencerKS