Cottage Health System is notifying about 32,500 of its patients that their medical records may have been exposed due to a "security incident."
The records involve patients treated at Santa Barbara Cottage Hospital, Goleta Valley Cottage Hospital and Santa Ynez Valley Cottage Hospital between September 29, 2009 and December 2, 2013.
In a statement released to the media on Wednesday afternoon, Cottage revealed that on December 2, a third party vendor appeared to have removed electronic security protections from one of its servers without informing Cottage officials. Information stored on the server may have been exposed as a result. However, Cottage is telling its patients that there is no evidence to suggest that anyone has used the information in any way.
The information possibly put at risk for each patient includes their name, address, date of birth, and some protected health information such as diagnosis, lab results and procedures performed. Social Security numbers, driver's license numbers, health insurance numbers, bank account numbers or any other financial information was not jeopardized, according to the Cottage statement.
The server was removed from service once Cottage officials were notified of the problem and a review of all servers was completed.
Cottage has mailed letters to all of the patients possibly impacted.
"We deeply regret this incident. Cottage takes its obligation to protect health information very seriously and is taking aggressive steps to safeguard against this type of incident in the future," said Steve Fellows, Executive Vice President, COO and Chief Compliance Officer at Cottage.
Fellows also believes the security incident by the vendor was unintentional.
Patients who have questions can call ID Experts at 1-877-264-9632.