Woodsville, N.H.-based Cottage Hospital has begun notifying patients after discovering that an unauthorized party accessed parts of its computer network late last year, potentially exposing sensitive patient information.
The hospital began mailing notification letters Feb. 5 to certain patients whose information was involved in the data security incident. The breach was discovered Dec. 8, when the hospital learned that an unauthorized party had gained access to its network and removed some files.
An internal investigation found the unauthorized access occurred between Oct. 14 and Oct. 21, 2025, and was limited to files stored on a single server, according to a press release from the hospital. The incident did not involve the hospital’s EHR system and did not disrupt patient care or hospital operations.
As part of its review, the hospital identified files containing patient information, including names and, in some cases, additional personal and medical details. Those details may include contact information, dates of birth, health insurance information, provider names, internal patient identification numbers, dates of service, medication information and treatment or diagnostic information, the release stated.
Cottage Hospital is advising affected patients to closely review statements from healthcare providers and health insurance plans and to report any services they do not recognize.
The hospital plans to continue implementing and evaluating enhanced safeguards and security measures and to provide ongoing security training for employees.
