California's Cottage Health System recently began notifying 32,755 patients that their personal information may have been exposed when a third-party vendor mistakenly removed electronic security protections from one of its servers, exposing some of the data stored on the server (h/t HealthITSecurity).
The issue was only discovered when Cottage Health System received a voicemail on December 2, 2013 informing them that a file containing patient health information was accessible on Google.
The data potentially exposed includes each patient's name, address, birthdate, medical record number, account number, and health information including diagnosis, lab results, and procedures performed at Goleta Valley Cottage Hospital or Santa Barbara Cottage Hospital.
"We want to ... assure you we have taken steps to prevent this type of event from happening again including reviewing service relationships with third party vendors, expanding and increasing the frequency of internal and external security checks and enhancing our 'change notification system,'" Cottage Health System executive vice president, chief operating officer and chief compliance officer Steven A. Fellows wrote in the notification letter [PDF].https://o1.qnsr.com/log/p.gif?;n=203;c=204660766;s=9477;x=7936;f=201812281312070;u=j;z=TIMESTAMP;a=20392931;e=i
All those affected are being offered one free year of identity theft protection services through ID Experts.