Cottage Hospital in Santa Barbara recently sent out notice letters to as many as 11,000 patients telling them their personal, financial andmedical information had been exposed. The exposed information included names, addresses, Social Security numbers and medical information.

Cottage Hospital placed a notice of the breach on their website, blaming the breach on a single server that was exposed between October 26, 2015 and November 8, 2015.

What Happened?

A cottage hospital server placed names, addresses, Social Security numbers and medical information on the internet. This means that more than 11,000 people had their medical information publically disclosed.

How Did It Happen?body-img1

A Cottage Hospital server was placed in a location that was connected to the internet. Our investigation believes that the server was improperly configured, and was placing information into a location that publically disclose the medical records by making them accessible by Google. Our investigation is still ongoing.

Why Did It Happen?

Cottage Hospital has not taken the proper security measures to protect patient data. This is not the first time this has occurred. We represented more than 49,000 patients in 2014 and 2015 for a class action lawsuit against Cottage Hospital for a separate and distinct data breach.body-img2

What Can I Do?

You do not have to do anything. However, if you are interested in participating in our ongoing investigation, or if you are upset and would like to be a class action representative against Cottage Hospital, please contact our law firm. We have litigated a very similar case to this already, and we cannot believe this happened again.

Data breach lawsuits are becoming much more common. Recent data breach lawsuits against Target stores have resulted in millions of dollars in settlements and fines. In California, there are laws in place that protect the disclosure of your personal financial information. There are also State and Federal laws, including HIPAA, that protect your medical data from unauthorized access. These laws are strict and carry penalties for those individuals or companies that wrongfully allow your personal information to be accessed. Those who have had their personal information exposed may also be entitled to compensation.

How Will I Know If My Information Has Been Exposed?

You will get a letter in the mail from Cottage Hospital that says something along the lines of, “Your medical information may have been exposed between October 26, 2015 and November 8, 2015.” The letter will often be titled as a notification. If you receive this letter from Cottage Hospital, or an organization on behalf of Cottage Hospital, your medical data has likely been released. The letter is an attempt at damage control designed to direct you to sign up for their credit monitoring services and identity protection.

Sadly, these services cannot fix the fact that your medical information has been exposed. Cottage Hospital also offers an Identity Protection Toolkit, 12 months of recovery services and other programs through myIDcare. It is not necessary to sign up for these services. If you get this letter, your data most likely has been exposed, and you should strongly consider obtaining a lawyer.