The American College of Cardiology (ACC) has notified 1,400 institutions that some of their patient data may have been compromised after inadvertently being made available to a third-party vendor.

The organization redesigned the software for its national data registry and one table of patient data was copied into the software test environment sometime between 2009 and 2010. The incident was discovered in December, according to multiple reports.

Thousands of hospitals participate in the registry, providing data on patients and procedures to measure cardiovascular care. The ACC contacted all hospitals whose patient data may have been accessed and provided them with documentation of the organization's investigation into the incident.

One of the affected providers is Pensacola, Fla.-based Sacred Heart Health System. The ACC provided the health system with the names, birth dates, Social Security numbers and internal patient identification numbers of 532 patients who may have been compromised.

Sacred Heart posted a notificaiton on its website about the incident and had more patients involved than other affected providers. The ACC cannot share the names of other affected organizations due to confidentiality agreements, but the average number of patients involved per institution was fewer than 70.