Cottage Hospital Data Breach Exposes Sensitive Patient and Employee Information
Cottage Hospital recently disclosed a data breach in which unauthorized access to its computer network may have compromised sensitive personal and health-related information. The incident came to light on December 8, 2025, when the hospital detected unauthorized activity on its systems.
An investigation revealed that an unauthorized third party accessed files containing protected data between October 14 and October 21, 2025. The exposed information varies by individual but includes:
- Personal identifiers (names, Social Security numbers, driver’s license numbers, dates of birth)
- Financial details (bank account information)
- Contact information
- Health data (insurance details, medical records, treatment history, provider names, and internal patient IDs)
Following the breach, Cottage Hospital posted a notice on its website and began mailing notifications to affected individuals on February 6, 2026. As part of the response, the hospital is offering complimentary credit monitoring services to impacted parties and providing details on the specific data exposed. The breach notice, including additional information, is available on the hospital’s website.
Source: https://straussborrelli.com/2026/02/09/cottage-hospital-data-breach-investigation/
Cottage Health cybersecurity rating report: https://www.rankiteo.com/company/cottage-health
"id": "COT1770840181",
"linkid": "cottage-health",
"type": "Breach",
"date": "2/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Healthcare',
'name': 'Cottage Hospital',
'type': 'Hospital'}],
'customer_advisories': 'Complimentary credit monitoring services offered to '
'impacted parties',
'data_breach': {'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal identifiers (names, '
'Social Security numbers, '
'driver’s license numbers, dates '
'of birth)',
'Financial details (bank account '
'information)',
'Contact information',
'Health data (insurance details, '
'medical records, treatment '
'history, provider names, '
'internal patient IDs)']},
'date_detected': '2025-12-08',
'date_publicly_disclosed': '2026-02-06',
'description': 'Cottage Hospital recently disclosed a data breach in which '
'unauthorized access to its computer network may have '
'compromised sensitive personal and health-related '
'information. The incident came to light on December 8, 2025, '
'when the hospital detected unauthorized activity on its '
'systems. An investigation revealed that an unauthorized third '
'party accessed files containing protected data between '
'October 14 and October 21, 2025. The exposed information '
'varies by individual but includes personal identifiers, '
'financial details, contact information, and health data.',
'impact': {'data_compromised': 'Sensitive personal and health-related '
'information',
'identity_theft_risk': 'High',
'payment_information_risk': 'High',
'systems_affected': 'Computer network'},
'investigation_status': 'Completed',
'references': [{'source': 'Cottage Hospital Website'}],
'response': {'communication_strategy': 'Posted notice on website and mailed '
'notifications to affected '
'individuals'},
'title': 'Cottage Hospital Data Breach Exposes Sensitive Patient and Employee '
'Information',
'type': 'Data Breach'}