Cottage Health System Security Inspection Exposes 11K-Record Data Break

On Tuesday Cottage Health System informed its 11,000 sick persons to instruct them that a few of their PHIs were revealed as a consequence of a server occurrence that happened in October 2015.

For two weeks, patients had their names and addresses, details of medicinal findings and processes, and their Social Security numbers displayed as a consequence of shelters being detached from a server. An announcement publicized by Cottage Health shows no Driver’s license numbers or financial information was revealed in the incident

The safety break was found on 8th November and brought about the affected server being brought offline and safeguarded. Upon inquiry, Cottage Health concluded that patient data initially became reachable on October 26, 2015.

An outer computer forensics company has been hired to carry out a complete inquiry into the safety break to decide whether any of the files were retrieved during the time they were reachable. At this point, no info has been issued to show whether the security break was triggered by an outer third party or an inner mistake.

It doesn’t seem that any files have been retrieved during the period they were reachable, even though the complete forensic inquiry should explain this, and the intensity of risk confronted by impacted patients.

Cottage Health Organization helps sick persons in Southern California via its setup of hospitals: Cottage Children’s Medical Center, as well as Cottage Rehabilitation Hospital. This isn’t the first time its patients have had their secrecy breached as a consequence of a server happening of this type.

Two years back, the health system found server safeguards had been unintentionally turned off. That safety break was the outcome of a mistake made by one of the health system’s business partners, InSync Computer Solutions, Inc. The security break was originally believed to have affected 32,500 patients, even though additional 18,418 patients were consequently found to have also been impacted. As a consequence of the taking away of security safeguards, patient PHI was noted by Google.

A litigation was recorded versus the health system for the revelation of sick persons’ PHI, which Cottage Health resolved for $4.125 million. A big part of that agreement was outstanding against the insurance firm of the health system, Columbia Casualty. Nevertheless, Cottage Health was sued by Columbia Casualty claiming several security breakdowns added to the source of the break. The insurance policy compelled Cottage Health to apply a lot of controls to decrease risk.

Although Columbia Casualty tried to get out of covering the agreement, the litigation was thrown out in July 2015.

Link copied to clipboard
Photo of author

Posted by

Mark Wilson

Mark Wilson is a news reporter specializing in information technology cyber security. Mark has contributed to leading publications and spoken at international forums with a focus on cybersecurity threats and the importance of data privacy. Mark is a computer science graduate.