Personal information compromised after hackers access email accounts
The personal information of as many as 35,000 ATI Physical Therapy patient may have been compromised earlier this year when hackers gained access to company email addresses.
In January, ATI Holdings noticed some unauthorized changes to certain employees’ direct-deposit information. Upon further investigation, the company noticed employee email accounts had been inappropriately accessed. The company now says at least one of those addresses included patient names, birth dates, driver’s license numbers, Social Security numbers, credit card numbers, diagnoses, and medication and billing information, among other data.
ATI has since reported the incident to the United States Department for Health and Human Services’ Office of Civil Rights. They are also mailing letters to those patients believed to have been directly affected.
ATI has made password changes mandatory for employees, while the company continues to pursue better email security while training its employees to recognize any future phishing scams.
SOURCE: Chicago Tribune