E-mail phishing exposed 35,000 ATI Physical Therapy patient records!

Hackers gained access to email accounts belonging to several employees of Bolingbrook-based ATI Physical Therapy and stole information on 35,000 patients. The company noticed the problem in January when payroll direct-deposit records for a number of employees had been changed in its payroll system.

This led ATI to hire an independent forensics team, which discovered that confidential personal health information for about 35,000 patients of ATI and some of its subsidiaries had been breached.

The data breached varied by patient, but could include a combination of Social Security numbers, driver’s license or state identification numbers, Medicare or Medicaid identification numbers, and medical record numbers, along with a wide range of medical information.

Impacted patients were notified by mail and offered a year of free credit monitoring, along with a $1 million identity theft insurance policy.

Bolingbrook, Illinois based ATI Physical Therapy has over 100 clinics in Illinois.

The third-party forensics team determined that several employee email accounts were compromised between Jan. 9 and Jan. 12. It appears that some employees fell victim to a phishing email campaign, and the compromised accounts exposed both patient and employee confidential information.

The investigation is ongoing, and ATI officials said they’ve since strengthened email security to protect against future breaches. Employees were also provided additional training to better detect phishing emails.

In a separate incident in January, Florida's Agency for Health Care Administration reported a breach of 30,000 patient records after an employee also fell for a phishing email, which allowed hackers to access Medicaid enrollee data, including some Social Security numbers.

A recent data security incident affected about 53,000 patients receiving services from Onco360 and CareMed Specialty Pharmacy. On November 30, 2017, a forensic investigation determined that an unauthorized user appeared to have gained access to the email accounts of three employees. A detailed review of the impacted email accounts was performed, and on January 8, 2018, it was determined that emails in those accounts may have contained demographic information, medication and clinical information, health insurance information and Social Security numbers of some of the patients receiving services from Onco360 and CareMed Specialty Pharmacy. Onco360 and CareMed Specialty Pharmacy are subsidiaries of PharMerica and are located in Louisville, KY.