DataBreaches.net

The Office of Inadequate Security


ATI Physical Therapy notifies patients of data breach

Posted on March 13, 2018 by Dissent

ATI Physical Therapy is notifying patients of a security incident that appears to have targeted employees’ email accounts. Here is their update of March 12, although I’m not sure when any previous notification may have been published (their newsroom does not show any prior notice on their site): 

About the data privacy event

ATI Holdings, LLC and its subsidiaries (“ATI”) recently discovered an incident that may affect the security of personal information of certain ATI patients. We have been working diligently, with the assistance of third-party forensic investigators, to determine the full nature and scope of this incident. We are taking additional actions to strengthen the security of our email systems moving forward. ATI has also contacted and is working with appropriate law enforcement agencies and regulators regarding this incident.

Frequently asked questions

What happened? On January 11, 2018, ATI discovered that certain employees’ direct deposit information was changed in our payroll platform. We took immediate steps to mitigate the impact of the incident, and also promptly initiated an internal investigation, with the assistance of third-party forensic investigators, to determine the nature and scope of the incident, including whether any sensitive information was affected. As part of this investigation, ATI recently determined that certain ATI employee email accounts were accessed without authorization between January 9, 2018 and January 12, 2018, and that certain types of patient information were included within one or more of these email accounts.

What information may have been affected by this incident? Recently, ATI determined that one or more of the affected email accounts contained, and the unauthorized actor may have had access to, information related to certain ATI patients, including the following types of information: name, date of birth, driver’s license or state identification number, Social Security number, credit card number, financial account number, patient identification number, Medicare or Medicaid identification number, medical record number, diagnosis, disability code, treatment information, medication/prescription information, doctor’s or therapist’s name, billing/claims information, and/or other health insurance information. The type of information affected varies per impacted individual. Social Security number was only impacted for a small percentage of the affected population. While our investigation is ongoing, we do not currently have any evidence of actual or attempted misuse of patient information as a result of this incident.

How will I know if I am affected by this incident? ATI will mail notice letters to individuals whose protected information was contained within one or more of the affected email accounts and may have been accessed by an unauthorized actor.

What is ATI doing? ATI is providing potentially impacted individuals access to free credit monitoring services. Information on these services is included in the notice letters that are being mailed to affected individuals, and can also be found at atiholdings.allclearid.com. We have ensured that all employees identified as impacted changed their passwords. We are taking additional actions to strengthen the security of our email systems moving forward, as well as providing additional training to users and employees on how to identify phishing scams. We continue to monitor our systems to better protect the privacy and security of your personal information.

Whom should I contact for more information? ATI has set up a call center to answer questions from those who might be impacted by this incident. Anyone with additional questions about the incident may contact the call center at 1-855-828-5850 (toll free), Monday through Saturday, 8:00 a.m. to 8:00 p.m. CT. If you do not receive a letter in the coming weeks, but want to know whether you are affected, please contact the call center at 1-855-828-5850.

For the full notification, see their site.

Copyright

© 2009 – 2023, DataBreaches.net and DataBreaches LLC. All rights reserved.
