A Davenport, Iowa, company has alerted nearly 1,200 former hospital patients about a website data security lapse that exposed their names and birth dates to identity theft.

Genesis Health System, which issued the warning, said a medical transcription firm didn't establish a firewall to protect online information from May 5 to June 24, the Quad-City Times reported. The firm, M2ComSys, was contracted by Cogent Healthcare, which provides physicians to two Genesis Medical Center hospitals in Davenport and the Genesis Medical Center-Illini Campus in Silvis, Ill.

A spokeswoman for Las Vegas-based M2ComSys did not immediately return a message left Friday.

The unprotected data included follow-up care information about patient cases. Genesis spokesman Ken Croken said there is no evidence that identity theft has occurred, and no Social Security numbers or financial information was involved.

Croken said officials were concerned that Quad-City area residents, which will receive letters about the lapse, would have questions.

"We did feel an ethical need to notify people," he said.

Croken added that Genesis, which was not responsible for the incident, has never had a data security lapse. Croken said the future of its relationship with Cogent Healthcare will be determined soon.

"Consumers should expect that this information remains secure," he said.

Cogent Healthcare, which is based in Brentwood, Tenn., said the health information of about 32,000 patients nationwide was exposed. The company will offer affected patients a complimentary one-year membership in a program that offers identity theft protection and daily credit bureau monitoring. It has ended its relationship with M2ComSys.