Saturday, April 21 , 2018, 1:28 pm | Fair 68º


Local News

Cottage Health Required to Pay Penalty, Update Security in Data-Breach Settlement

Agreement with Attorney General's Office stemming from incidents that exposed more than 50,000 patient records includes $2 million fine

The California Attorney General’s Office  on Wednesday announced a $2 million settlement with Cottage Health regarding two unrelated data breaches, in which medical information from more than 50,000 patients was made publicly searchable online Click to view larger
The California Attorney General’s Office on Wednesday announced a $2 million settlement with Cottage Health regarding two unrelated data breaches, in which medical information from more than 50,000 patients was made publicly searchable online (Giana Magnoli / Noozhawk file photo)

The California Attorney General’s Office  on Wednesday announced a $2 million settlement with Cottage Health regarding two unrelated data breaches, in which medical information from more than 50,000 patients was made publicly searchable online.

In addition to the penalty payment, the settlement requires Cottage Health, which operates the Santa Barbara, Goleta and Santa Ynez Cottage Hospitals, to update its data-security practices, according to Attorney General Xavier Becerra’s Office.

Cottage Health also will be required to have an employee serve as chief privacy officer, and conduct risk assessments.

The complaint filed by the Attorney General’s Office alleges that Cottage Health failed to adequately protect patient health information and personal information, and breaches made it accessible and searchable online.

One of Cottage's servers for medical information was connected to the internet without encryption or other permissions that would prevent unauthorized access, according to the Attorney General’s office.

“When patients go to a hospital to seek medical care, the last thing they should have to worry about is having their personal medical information exposed. The law requires health care providers to protect patients' privacy. On both of these counts, Cottage Health failed,”  Becerra said in a statement. 

More than 50,000 patients had personal and medical information compromised from 2011 to 2013, and another 4,500 patients in 2015, the state alleged.

“This settlement involves unrelated data incidents that occurred in 2013 and 2015,” Cottage Health said in a statement Wednesday. “Once we learned of the incidents, our information security team worked to provide quick resolutions. There is no indication that data was used in any malicious way.

“At Cottage Health, we have used this learning to strengthen our system security layers for improved detection and mitigation of vulnerabilities. Upgrades include new system monitoring, firewalls, network intrusion detection, and access management protocols to help protect private data. 

“We value the trust of our community and are committed to continuous advances in technology that enable us to protect patient privacy while providing authorized care providers the timely and effective data needed for medical treatments.”

Noozhawk managing editor Giana Magnoli can be reached at .(JavaScript must be enabled to view this email address). Follow Noozhawk on Twitter: @noozhawk, @NoozhawkNews and @NoozhawkBiz. Connect with Noozhawk on Facebook.

  • Ask
  • Vote
  • Investigate
  • Answer

Noozhawk Asks: What’s Your Question?

Welcome to Noozhawk Asks, a new feature in which you ask the questions, you help decide what Noozhawk investigates, and you work with us to find the answers.

Here’s how it works: You share your questions with us in the nearby box. In some cases, we may work with you to find the answers. In others, we may ask you to vote on your top choices to help us narrow the scope. And we’ll be regularly asking you for your feedback on a specific issue or topic.

We also expect to work together with the reader who asked the winning questions to find the answer together. Noozhawk’s objective is to come at questions from a place of curiosity and openness, and we believe a transparent collaboration is the key to achieve it.

The results of our investigation will be published here in this Noozhawk Asks section. Once or twice a month, we plan to do a review of what was asked and answered.

Thanks for asking!

Click Here to Get Started >

Support Noozhawk Today

You are an important ally in our mission to deliver clear, objective, high-quality professional news reporting for Santa Barbara, Goleta and the rest of Santa Barbara County. Join the Hawks Club today to help keep Noozhawk soaring.

We offer four membership levels: $5 a month, $10 a month, $25 a month or $1 a week. Payments can be made through PayPal below, or click here for information on recurring credit-card payments.

Thank you for your vital support.

Maestro, Mastercard, Visa, American Express, Discover, Debit

Reader Comments

Noozhawk is no longer accepting reader comments on our articles. Click here for the announcement. Readers are instead invited to submit letters to the editor by emailing them to [email protected]. Please provide your full name and community, as well as contact information for verification purposes only.

Daily Noozhawk

Subscribe to Noozhawk's A.M. Report, our free e-Bulletin sent out every day at 4:15 a.m. with Noozhawk's top stories, hand-picked by the editors.

Sign Up Now >