Innovative Physical Therapy Data Breach: SSNs & Names Exposed

On Aug. 25, 2025, Innovative Physical Therapy, a network of outpatient physical therapy clinics and rehabilitation centers, learned that a vendor providing practice management services had experienced a significant data breach. The cybersecurity incident compromised both personally identifiable information (PII) and protected health information (PHI) of thousands of individuals.

According to the notice posted by Innovative Physical Therapy, the breach began when two employees of a practice services management vendor responded to phishing emails, inadvertently disclosing their email account credentials. This allowed an unauthorized party to access the email accounts between June 25 and June 26, 2025.

The exposed information includes names, dates of birth, phone numbers, Social Security numbers, medical information, and health insurance details. The scope and sensitivity of the compromised data make this breach especially serious, as it could potentially be used for identity theft or insurance fraud.

The company disclosed the data breach to the U.S. Department of Health and Human Services on Oct. 2, 2025 and posted a consumer notice on its website. So far, the breach has affected at least 2,023 individuals in the United States.

Innovative Physical Therapy's response

After learning of the incident, Innovative Physical Therapy’s vendor immediately secured the affected email accounts and engaged a third-party forensic investigation firm to assess the scope of the breach.

The vendor also conducted a thorough review to determine which patients were affected and what information was compromised. Innovative Physical Therapy instructed the vendor to send notification letters to affected individuals.

If you believe your personal information may have been compromised in this breach:

• Carefully review any notice or communication you receive from Innovative Physical Therapy or its vendor(s).
• Sign up for the complimentary credit monitoring and identity protection services offered by the company.
• Monitor financial accounts and credit reports for signs of identity theft.
• Consider placing fraud alerts or credit freezes with the major credit bureaus.
• Be cautious of unsolicited emails or phone calls requesting personal information.

For more information, impacted individuals can call 855-291-2518, Monday through Friday, between 8:00 a.m. and 8:00 p.m., CT.