WREG Memphis reports that the Regional Medical Center at Memphis (the MED) is notifying almost 1,200 physical therapy patients who were treated at the MED between May 2012 and January 2013 that their names, account numbers, birthdates, Social Security numbers, home phone numbers, and reasons for needing physical therapy may have been exposed (h/t PHIprivacy.net).

According to the MED, the data was exposed when an employee accidently attached a list of medical records to three unsecure e-mails sent on October 29, 2012, November 1, 2012, and February 4, 2013.

The MED believes the e-mails were deleted and not used, but it's sending notification letters to all affected patients and is offering them one year of free credit monitoring services.

"While the medical center maintains a robust privacy and security compliance program, it also has taken internal steps to help ensure this does not happen again," the MED said in a statement. "The medical center understands the importance of safeguarding patient privacy and takes that responsibility very seriously. It regrets this incident occurred and is committed to preventing such occurrences in the future."

Physical therapy patients who were treated between May 2012 and January 2013 are advised to contact (855) 716-3627 for more information.