Cottage Health CEO and President Ron Werft notified hospital administrators of a cyber security breach affecting the protected health information of as many as 11,000 Cottage patients at the hospital’s three main campuses. The breach, he said, took place between October 26 and November 8.
“As a result of the server being exposed, search engines including Google and Bing indexed a limited amount of PHI [protected health information],” Werft wrote. “We immediately requested that the information be removed and have confirmed the information was taken down last week.” That information, he said, included patients’ names, addresses, Social Security numbers, and medical information relating to diagnosis and prognosis.
Werft stated there was no information to indicate any of this information has been misused, but said the exposure was being tracked by “outside forensic experts” to determine what, if any, impact there’s been. He said the breach was discovered by the hospital’s information security team.