After a data system security test discovered an exposed network server, Santa Barbara, Calif.-based Cottage Health notified approximately 11,000 patients some of their information may was exposed.
Cottage Health employed a team of cybersecurity experts to test its data system security and found a server was exposed between Oct. 26 and Nov. 8.
Exposed information includes patient names, addresses, Social Security numbers and "limited" medical information, such as diagnoses and procedures. Cottage Health reports no evidence suggesting driver's license numbers or financial information was compromised, and the system has no indication any information was misused.
"We are deeply sorry and regret any inconvenience or concern this may cause. We value our patients' trust and will continue rigorous testing of our systems, using the latest technology to safeguard data," Cottage Health said in a statement.
More articles on data breaches:
Lahey to pay $850k HIPAA settlement for 2011 data breach
Quest Diagnostics faces class action lawsuit following data breach: 3 things to know
Why healthcare organizations are vulnerable to attack