Cottage Hospital Data Breach Exposes Sensitive Information of Over 2,100 Individuals
On January 27, 2026, Cottage Hospital disclosed a data breach affecting 2,156 individuals across the U.S., with the majority 1,138 residing in New Hampshire. Additional impacted individuals included 83 in Maine and 62 in Massachusetts.
The breach involved unauthorized access to a file server within the hospital’s network between October 14 and October 21, 2025, though the intrusion was not detected until December 8, 2025. Exposed data included names, Social Security numbers, driver’s license numbers, and in some cases, bank account details. Patients’ medical and health insurance information may have also been compromised.
The hospital reported the incident to the attorneys general offices of Maine, Massachusetts, New Hampshire, and Vermont. Written notifications were sent to affected individuals on February 6, 2026, with a public notice posted on the hospital’s website.
In response, Cottage Hospital engaged third-party cybersecurity experts to investigate and contain the breach. The hospital has since implemented enhanced security measures and continues to assess additional safeguards, including ongoing employee training.
Affected individuals were offered a complimentary one-year membership to Experian’s IdentityWorks credit monitoring and identity theft protection service, covering credit monitoring, fraud consultation, and identity restoration. A dedicated call center (833-918-4978) was established to assist those impacted. The hospital’s notification letter, including activation instructions for the service, is available on its website.
Source: https://www.claimdepot.com/data-breach/cottage-hospital-2026
Cottage Hospital cybersecurity rating report: https://www.rankiteo.com/company/cottage-hospital
"id": "COT1770703474",
"linkid": "cottage-hospital",
"type": "Breach",
"date": "10/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '2156',
'industry': 'Healthcare',
'location': 'United States',
'name': 'Cottage Hospital',
'type': 'Healthcare Provider'}],
'attack_vector': 'Unauthorized access to file server',
'customer_advisories': 'Complimentary one-year membership to Experian’s '
'IdentityWorks credit monitoring and identity theft '
'protection service offered to affected individuals. '
'Dedicated call center (833-918-4978) established for '
'assistance.',
'data_breach': {'number_of_records_exposed': '2156',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Names',
'Social Security numbers',
'Driver’s license numbers',
'Bank account details',
'Medical information',
'Health insurance information']},
'date_detected': '2025-12-08',
'date_publicly_disclosed': '2026-01-27',
'description': 'Cottage Hospital disclosed a data breach affecting 2,156 '
'individuals across the U.S. The breach involved unauthorized '
'access to a file server within the hospital’s network between '
'October 14 and October 21, 2025. Exposed data included names, '
'Social Security numbers, driver’s license numbers, and in '
'some cases, bank account details. Patients’ medical and '
'health insurance information may have also been compromised.',
'impact': {'data_compromised': 'Names, Social Security numbers, driver’s '
'license numbers, bank account details, '
'medical and health insurance information',
'identity_theft_risk': 'High',
'payment_information_risk': 'High',
'systems_affected': 'File server within the hospital’s network'},
'investigation_status': 'Ongoing',
'post_incident_analysis': {'corrective_actions': 'Enhanced security measures, '
'ongoing employee training, '
'additional safeguards '
'assessment'},
'references': [{'source': 'Cottage Hospital Website'}],
'regulatory_compliance': {'regulatory_notifications': 'Reported to attorneys '
'general offices of '
'Maine, Massachusetts, '
'New Hampshire, and '
'Vermont'},
'response': {'communication_strategy': 'Written notifications sent to '
'affected individuals, public notice '
'posted on hospital’s website, '
'dedicated call center established',
'containment_measures': 'Enhanced security measures implemented',
'remediation_measures': 'Ongoing employee training, additional '
'safeguards assessment',
'third_party_assistance': 'Engaged third-party cybersecurity '
'experts to investigate and contain '
'the breach'},
'title': 'Cottage Hospital Data Breach Exposes Sensitive Information of Over '
'2,100 Individuals',
'type': 'Data Breach'}