DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Update on Cottage Health System breach

Posted on September 11, 2014 by Dissent

In December 2013, I reported on a breach involving Cottage Health System.

In their notification to patients, which I included in that post, Cottage Health indicated that about 32,500 patients had their information exposed when a vendor removed security controls on a server. That vendor was later identified as InSync.

On September 4 of this year, HHS added the incident to their public breach tool with this entry:

Cottage Health System, CA,”InSync Computer Solutions, Inc.”, 50918, 03/11/2012, Other, Network Server, 09/04/2014,

It is not clear to me why the HHS entry shows 50,918 for the number of patients affected. Did Cottage Health subsequently update their report of the number affected?

But the HHS log also reveals another detail not disclosed in Cottage Health’s statement in 2013:  the incident occurred on March 11, 2012. So patient information was exposed for nine months before Cottage Health became aware of the problem?

Of course, it’s reasonable to ask why InSync Computer Solutions never noticed their error, but Cottage Health is the entity that patients trusted with their information.

The incident does not appear as a closed investigation, so it will be interesting to see what HHS does in terms recommendations or requirements for the covered entity and its business associate.

UPDATE: In a 2015 report on a subsequent breach, NoozHawk clarified the discrepant numbers reported in this case:

In the 2013 incident, Cottage notified some 32,500 patients that their information may have been exposed by a data breach that occurred between Oct. 8 and Dec. 2 of that year.

Cottage subsequently notified another 18,000 patients about potential exposure during an expanded period — Feb. 20, 2009, to Dec. 2, 2013.

Category: Uncategorized

Post navigation

← HHS breach tool: When "theft" doesn't mean what you think it means
Midwest Women's Healthcare Specialists breach may have affected over 1,300 patients →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • After $1 Million Ransom Demand, Virgin Islands Lottery Restores Operations Without Paying Hackers
  • Junior Defence Contractor Arrested For Leaking Indian Naval Secrets To Suspected Pakistani Spies
  • Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • Class action settlement following ransomware attack will cost Fred Hutchinson Cancer Center about $52 million
  • Comstar LLC agrees to corrective action plan and fine to settle HHS OCR charges
  • Australian ransomware victims now must tell the government if they pay up
  • U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams
  • Victoria’s Secret takes down website after security incident
  • U.S. Government Employee Arrested for Attempting to Provide Classified Information to Foreign Government

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent
  • Trump Taps Palantir to Compile Data on Americans

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.