The insurance company that paid $4.125 million for Cottage Health System to settle a class action lawsuit following a large data breach now wants its money back.

Santa Barbara, Calif.-based Cottage Health in early December 2013 discovered that a third-party vendor “appeared to have removed electronic security protections from one of its servers without informing Cottage, resulting in the exposure of certain information stored on the server,” according to a statement at the time from Cottage Health.

That meant protected health information on about 32,500 patients was accessible on the Internet simply through a Google search, according to insurer Columbia Casualty Company, which has filed a lawsuit in U.S. District Court for the Central District of California and seeks repayment from Cottage Health.

Also See: 10 Strategies for Protecting Patient Data

Columbia Casualty in the suit says it wants the $4.125 million plus attorney fees and other related expenses back because Cottage Health did not follow minimum required practices for protecting information and did not truthfully attest to its security controls. Further, the insurer charges that misrepresentations and/or omissions of fact were made negligently or with intent to deceive.

A spokesperson for Cottage Health System did not respond to a request for comment on the lawsuit. A copy of the suit, “Columbia Casualty Company v. Cottage Health System,” is available here, courtesy of The Register, an independent IT news site.

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access