A spokeswoman for Las Vegas-based M2ComSys did not immediately return a message left Friday.
The unprotected data included follow-up care information about patient cases. Genesis spokesman Ken Croken said there is no evidence that identity theft has occurred, and no Social Security numbers or financial information was involved.
Croken said officials were concerned that Quad-City area residents, which will receive letters about the lapse, would have questions.
"We did feel an ethical need to notify people," he said.
Croken added that Genesis, which was not responsible for the incident, has never had a data security lapse. Croken said the future of its relationship with Cogent Healthcare will be determined soon.
"Consumers should expect that this information remains secure," he said.
Cogent Healthcare, which is based in Brentwood, Tenn., said the health information of about 32,000 patients nationwide was exposed. The company will offer affected patients a complimentary one-year membership in a program that offers identity theft protection and daily credit bureau monitoring. It has ended its relationship with M2ComSys.