Cottage Reports Another Records Breach

As Many as 11,000 Patient Records Were Exposed on Google, Bing

Cottage Health CEO and President Ron Werft notified hospital administrators of a cyber security breach affecting the protected health information of as many as 11,000 Cottage patients at the hospital’s three main campuses. The breach, he said, took place between October 26 and November 8.

“As a result of the server being exposed, search engines including Google and Bing indexed a limited amount of PHI [protected health information],” Werft wrote. “We immediately requested that the information be removed and have confirmed the information was taken down last week.” That information, he said, included patients’ names, addresses, Social Security numbers, and medical information relating to diagnosis and prognosis.

Werft stated there was no information to indicate any of this information has been misused, but said the exposure was being tracked by “outside forensic experts” to determine what, if any, impact there’s been. He said the breach was discovered by the hospital’s information security team.

Two years ago, Cottage reported a possible breach affecting the records of 32,500 patients that took place between October and December 2013. Going back to 2009, Cottage reported as many as 18,000 more could have been involved. Werft stated that Cottage hopes to engage the services of a new information technology management team on a consulting basis, while also looking for a new Chief Information Officer. After that, he announced, Cottage would begin looking for a new director of technology operations.

In the meantime, any patients concerned about their records have been advised to call Cottage’s identity protection services at 1-877-866-6056 or visit the webpage. Werft’s announcement comes shortly after the Santa Barbara County Public Health Department reported a more limited records breach of its own.

To submit a comment on this article, email or visit our Facebook page. To submit information to a reporter, email

Be succinct, constructive, and relevant to the story. Leaving a comment means you agree to our Discussion Guidelines. We like civilized discourse. We don't like spam, lying, profanity, harassment or personal attacks.

comments powered by Disqus
event calendar sponsored by:

Evacuees Across Santa Barbara County Allowed Back Home This Evening

Mandatory evacuation order lifted for all burn areas.

New Scam Involves ‘Ground Stability Testing’

Fake 'land tech' tried to enter a home on the Westside.

Family Sues Santa Barbara County Sheriff’s Office For Wrongful Death

Five deputies shot Bryan Carreño 20 times.

County Race for Auditor-Controller Turns Ugly

An unexpected bloodbath erupts between Jen Christensen and Betsy Schaffer.

Gun Restraining Order Used 20 Times in Santa Barbara County

Only Los Angeles County used the order more frequently.