An email hack of several ATI Physical Therapy employee accounts between January 9 and 12 has resulted in the exposure of data from 35,136 patients.

The type of breached data varied by patient, but could include a combination of Social Security numbers, driver’s license or state identification numbers, financial account numbers, Medicare or Medicaid identification numbers, and medical record numbers, along with a wide range of medical information.

The Social Security numbers were breached for only a small percentage of patients of Bolingbrook, Ill-based ATI Physical Therapy, explains a news story from Healthcare IT News.

The affected patients were notified by mail, and were offered a year of free credit monitoring, along with a $1 million identity theft insurance policy.

The investigation is ongoing, according to the news story. Since the breach, ATI has strengthened its email security to protect against future occurrences. Employees were also provided additional training to better detect phishing emails.

[Source: Healthcare IT News]