DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

ATI Physical Therapy notifies patients of data breach

Posted on March 13, 2018 by Dissent

ATI Physical Therapy is notifying patients of a security incident that appears to have targeted employees’ email accounts. Here is their update of March 12, although I’m not sure when any previous notification may have been published (their newsroom does not show any prior notice on their site): 

About the data privacy event

ATI Holdings, LLC and its subsidiaries (“ATI”) recently discovered an incident that may affect the security of personal information of certain ATI patients. We have been working diligently, with the assistance of third-party forensic investigators, to determine the full nature and scope of this incident. We are taking additional actions to strengthen the security of our email systems moving forward. ATI has also contacted and is working with appropriate law enforcement agencies and regulators regarding this incident.

Frequently asked questions

What happened? On January 11, 2018, ATI discovered that certain employees’ direct deposit information was changed in our payroll platform. We took immediate steps to mitigate the impact of the incident, and also promptly initiated an internal investigation, with the assistance of third-party forensic investigators, to determine the nature and scope of the incident, including whether any sensitive information was affected. As part of this investigation, ATI recently determined that certain ATI employee email accounts were accessed without authorization between January 9, 2018 and January 12, 2018, and that certain types of patient information were included within one or more of these email accounts.

What information may have been affected by this incident? Recently, ATI determined that one or more of the affected email accounts contained, and the unauthorized actor may have had access to, information related to certain ATI patients, including the following types of information: name, date of birth, driver’s license or state identification number, Social Security number, credit card number, financial account number, patient identification number, Medicare or Medicaid identification number, medical record number, diagnosis, disability code, treatment information, medication/prescription information, doctor’s or therapist’s name, billing/claims information, and/or other health insurance information.. The type of information affected varies per impacted individual. Social Security number was only impacted for a small percentage of the affected population. While our investigation is ongoing, we do not currently have any evidence of actual or attempted misuse of patient information as a result of this incident.

How will I know if I am affected by this incident? ATI will mail notice letters to individuals whose protected information was contained within one or more of the affected emails accounts and may have been accessed by an unauthorized actor.

What is ATI doing? ATI is providing potentially impacted individuals access to free credit monitoring services. Information on these services is included in the notice letters that are being mailed to affected individuals, and can also be found at atiholdings.allclearid.com. We have ensured that all employees identified as impacted changed their passwords. We are taking additional actions to strengthen the security of our email systems moving forward, as well as providing additional training to users and employees on how to identify phishing scams. We continue to monitor our systems to better protect the privacy and security of your personal information.

Whom should I contact for more information? ATI has set up a call center to answer questions from those who might be impacted by this incident. Anyone with additional questions about the incident may contact the call center at 1-855-828-5850 (toll free), Monday through Saturday, 8:00 a.m. to 8:00 p.m. CT. If you do not receive a letter in the coming weeks, but want to know whether you are affected, please contact the call center at 1-855-828-5850.

For  the full notification, see their site. 

Category: Health Data

Post navigation

← UPDATE: FLVS leak affected 50,000 Leon County employees and students
Yahoo Enters $80 Million Securities Class Action Settlement After Data Breach →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Possible ransomware attack disrupts Maine and New Hampshire Covenant Health locations
  • HHS OCR Settles HIPAA Security Rule Investigation of BayCare Health System for $800k and Corrective Action Plan
  • UK: Two NHS trusts hit by cyberattack that exploited Ivanti flaw
  • Update: ALN Medical Management’s Data Breach Total Soars to More than 1.8 Million Patients Affected
  • Russian-linked hackers target UK Defense Ministry while posing as journalists
  • Banks Want SEC to Rescind Cyberattack Disclosure Requirements
  • MathWorks, Creator of MATLAB, Confirms Ransomware Attack
  • Russian hospital programmer gets 14 years for leaking soldier data to Ukraine
  • MSCS board renews contract with PowerSchool while suing them
  • Iranian Man Pleaded Guilty to Role in Robbinhood Ransomware

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Home Pregnancy Test Company Wins Dismissal of Pixel Wiretapping Suit
  • The CCPA emerges as a new legal battleground for web tracking litigation
  • U.S. Spy Agencies Are Getting a One-Stop Shop to Buy Your Most Sensitive Personal Data
  • Period Tracking App Users Win Class Status in Google, Meta Suit
  • AI: the Italian Supervisory Authority fines Luka, the U.S. company behind chatbot “Replika,” 5 Million €
  • D.C. Federal Court Rules Termination of Democrat PCLOB Members Is Unlawful
  • Meta may continue to train AI with user data, German court says

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.