Cyber Incident Victim: ATC Healthcare Services
Date: Feb 2021
Location: United States of America
Summary
ATC Healthcare Services experienced a data breach stemming from unauthorized access to multiple employee email accounts over several months, compromising sensitive consumer information. The breach exposed personal identifiers, financial data, medical records, health insurance details, biometric information, and digital credentials. Following detection of unusual email activity, the company secured affected accounts, conducted an investigation, and confirmed potential data access by an unauthorized party. After completing a manual review of compromised email contents, notifications were dispatched to impacted individuals regarding the exposure of their information.
Description
ATC Healthcare Services, LLC detected unusual activity in certain employee email accounts on December 22, 2021, prompting immediate securing of the compromised accounts and initiation of an internal investigation. The investigation confirmed unauthorized access to multiple employee email accounts intermittently between February 9, 2021, and December 22, 2021. ATC could not confirm whether the unauthorized party accessed or exfiltrated patient data stored within these accounts, necessitating a manual review of all files and attachments in the affected email systems. This review concluded on June 2, 2022, revealing that compromised information varied by individual but included names, Social Security numbers, driver’s license numbers, financial account details, usernames and passwords, passport numbers, biometric data, medical records, health insurance information, electronic/digital signatures, and employer-assigned identification numbers. The breach exposed highly sensitive personal and health data, creating significant risks of identity theft, financial fraud, and medical privacy violations for affected individuals. ATC Healthcare Services officially notified impacted parties through data breach letters distributed on July 1, 2022, nearly seven months after initial detection and one month after completing the data review.

The company, a healthcare staffing firm founded in 1982 with headquarters in Lake Success, New York, operates 65 franchise locations and employs over 1,000 workers. ATC did not disclose the number of affected individuals or specific operational impacts beyond the email account compromises. While confirming unauthorized access occurred through employee email accounts, ATC provided no technical details regarding the intrusion method, attacker identity, or whether multi-factor authentication or other security controls were bypassed. The incident timeline shows a 10-month window of potential unauthorized access prior to detection, followed by a six-month forensic review period before notifications were issued. No ransomware deployment, data destruction, or financial demands were mentioned in the public disclosure. The breach notification emphasized the types of exposed data but did not confirm actual misuse of information or specify whether law enforcement was involved in the investigation. ATC's public statements focused on containment through securing email accounts and conducting manual data reviews rather than detailing broader system-wide security enhancements implemented post-incident.
