Protected health information for about 32,500 patients of Cottage Health System could have been exposed on the Internet for up to four years.

The Santa Barbara, Calif.-based delivery system is offering affected patients--treated at four hospitals--identity restoration services from ID Experts if any of the information is misused. Cottage Health on Dec. 2 discovered that a third-party vendor “appeared to have removed electronic security protections from one of its servers without informing Cottage, resulting in the exposure of certain information stored on the server,” according to an statement from the organization.

Patients being notified were treated at the affected hospitals between Sept. 29, 2009 and Dec. 2, 2013. Cottage Health has no evidence the exposed information was used in any way. Compromised data included name, address, date of birth, and limited clinical information for some of the patients. Social Security numbers, financial information and drivers’ license numbers were not on the server.

The delivery system immediately removed the server from service and is auditing its security protocols.

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access