The personal information of 35,000 patients at ATI Physical Therapy (ATI) was compromised after a number of employees’ email accounts were inappropriately accessed by a third party. The incident occurred between January 9 and 12, 2018. On January 11, ATI updated its employee payroll information and launched an investigation,
Affected information includes names, dates of birth, driving license numbers, medical information including diagnoses and medication, and, in some cases, Social Security numbers.
Those affected have been informed, provided with complimentary credit monitoring services, and offered identity theft insurance policies worth up to $1 million.
ATI has improved its email defenses and provided additional phishing awareness training to staff. The investigation is ongoing, but based on the reports and remedial action, it is likely that users fell victim to a phishing attack.
The most important line of defense against a phishing attack is the email recipient. If your staff are able to identify and correctly respond to a malicious email, the danger can be mitigated.
Increase phishing awareness
Our Phishing Staff Awareness Course gives your staff an introduction to phishing scams, and helps reduce the chance that an employee will hand over confidential information, or inadvertently infect your organization’s systems. The course helps employees identify phishing attacks, explains what would happen should they fall victim, and shows them how they can mitigate the threat of an attack.