As a third-party vendor removed electronic security protections from one of the servers, data of 32,755 patients of Cottage Health System of California was exposed on Google. The affected patients were notified about the data breach incident. Patients treated at Goleta Valley Cottage Hospital, Santa Ynez Valley Cottage Hospital and Santa Barbara Cottage Hospital between September 29, 2009, and December 2, 2013 may have been affected by this data breach.
The possible data compromised included patient names, addresses, dates of birth and very limited protected health information for some patients related to diagnosis, lab results and procedures performed. The file did not include any Social Security numbers, driver’s license numbers, health insurance numbers, bank account numbers or any other financial information.
The Cottage Health announcement stated that it quickly removed the server from service and conducted a review of all servers to ensure that appropriate security measures are in place. To avoid reoccurrence, it’s conducting a security protocol audit and implementing additional measures. The organization has offered affected patients a toll-free phone number and identity management services through ID Experts.
Steve Fellows, executive vice president, chief operating officer and chief compliance officer at Cottage said “We deeply regret this incident. Cottage takes its obligation to protect health information very seriously and is taking aggressive steps to safeguard against this type of incident in the future. We want to assure our patients that we are doing a thorough review and have systems in place to address their concerns. We understand that the security vulnerability by our vendor was unintentional and we have no reason to suspect that the limited data exposed might be misused.”
Alertsec strengthens security
Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.
Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.
Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.