Health system fined $2 million for making patient data public online — twice

Cottage Health System and affiliated hospitals in California have agreed to a $2 million settlement with the state over failures to protect patient medical information. The health system failed to implement basic safeguards, resulting in two separate patient data breaches in 2013 and 2015. As part of the settlement, Cottage Health must upgrade security practices and designate a chief privacy officer for risk assessments. This settlement is part of a trend of organizations failing to secure online data, leading to more settlements of this kind.