Thursday, February 22 , 2018, 7:21 pm | Fair 50º


Local News

Cottage Health System Data Breach May Have Impacted 18,000 More Patients Than First Suspected

A data breach of protected health information at Cottage Health System may have impacted thousands more patients than initially suspected.

Last year, Cottage Health System discovered that one of its servers had the electronic protections disabled, resulting in the exposure of certain information, according to a letter sent to patients.

Cottage recently discovered that approximately 18,000 additional patients may have been impacted by the data exposure, beyond the initial 32,500 notified in December 2013.

A class-action lawsuit was filed against Cottage Health System, claiming that the confidential information of more than 32,000 patients was put online for anyone to read, and was public for almost two months before the hospital system noticed.

The lawsuit also names inSync, a Laguna Hills-based company responsible for putting the records in a secure location online.

Brian Kabatek, one of the attorneys representing the class-action plaintiffs, told Noozhawk he believes the new patients are part of the same security breach and that his firm is working to discover what that will mean for the lawsuit.

"This may, however, be much bigger than we originally thought," he said.

The 15-page complaint filed earlier this year states that between Oct. 8 and Dec. 2 of 2013, the confidential medical records of about 32,500 patients affiliated with the Cottage Health System were negligently disclosed and released to the public on the Internet.

In early July, Cottage sent out more letters to patients, acknowledging that their information could be a part of the data breach as well. The time frame also expanded, including patients who sought treatment at any of the three hospitals between Feb. 20, 2009, and Dec. 2, 2013.

Cottage officials say there is no evidence to suggest that anyone has used the information contained on this server in any way.

The potentially exposed files contained information including the name, address, date of birth and very limited protected health information for some patients related to diagnosis, lab results and procedures performed, Cottage officials have said.

The files did not include any Social Security numbers, driver's license numbers, health insurance numbers, bank account numbers or any other financial information, and officials with the health organization maintain that they immediately removed the server from service and conducted a review of all servers to ensure that appropriate security measures are in place.

“We deeply regret this incident," Steve Fellows, Cottage Health System's executive vice president, COO and chief compliance officer, said in a statement. "Cottage takes its obligation to protect health information very seriously and is taking aggressive steps to safeguard against this type of incident in the future."

Cottage is encouraging patients with questions regarding whether their protected health information may have been exposed to contact ID Experts at 877.846.7856.

Noozhawk staff writer Lara Cooper can be reached at .(JavaScript must be enabled to view this email address). Follow Noozhawk on Twitter: @noozhawk, @NoozhawkNews and @NoozhawkBiz. Connect with Noozhawk on Facebook.

  • Ask
  • Vote
  • Investigate
  • Answer

Noozhawk Asks: What’s Your Question?

Welcome to Noozhawk Asks, a new feature in which you ask the questions, you help decide what Noozhawk investigates, and you work with us to find the answers.

Here’s how it works: You share your questions with us in the nearby box. In some cases, we may work with you to find the answers. In others, we may ask you to vote on your top choices to help us narrow the scope. And we’ll be regularly asking you for your feedback on a specific issue or topic.

We also expect to work together with the reader who asked the winning questions to find the answer together. Noozhawk’s objective is to come at questions from a place of curiosity and openness, and we believe a transparent collaboration is the key to achieve it.

The results of our investigation will be published here in this Noozhawk Asks section. Once or twice a month, we plan to do a review of what was asked and answered.

Thanks for asking!

Click here to get started >

Support Noozhawk Today

You are an important ally in our mission to deliver clear, objective, high-quality professional news reporting for Santa Barbara, Goleta and the rest of Santa Barbara County. Join the Hawks Club today to help keep Noozhawk soaring.

We offer four membership levels: $5 a month, $10 a month, $25 a month or $1 a week. Payments can be made through PayPal below, or click here for information on recurring credit-card payments.

Thank you for your vital support.

Reader Comments

Noozhawk is no longer accepting reader comments on our articles. Click here for the announcement. Readers are instead invited to submit letters to the editor by emailing them to [email protected]. Please provide your full name and community, as well as contact information for verification purposes only.

Daily Noozhawk

Subscribe to Noozhawk's A.M. Report, our free e-Bulletin sent out every day at 4:15 a.m. with Noozhawk's top stories, hand-picked by the editors.

Sign Up Now >