FULLERTON (CBS) — The patients of two Orange County hospitals may have inadvertently had their private health records exposed to outside search engines for a year.

Thousands of patients treated at St. Jude Medical Center in Fullerton and Mission Hospital in Laguna Beach were affected by a security glitch that allowed people to search and find medical records that should have been protected on each hospital’s internal computer network. The private information that was unprotected included patient names, body mass index (BMI), lab results, medication allergies and diagnoses lists.

The hospitals say Social Security numbers, addresses or financial data were not disclosed or made publicly accessible.

The discovery was made on Feb. 8. The patients whose records were exposed were treated between February and August 2011 and those records were accessible on the Internet since about February 2011.

The hospitals say they have corrected their security settings and are partnering with Kroll Information Assurance, Inc. to offer affected patients identity theft and credit monitoring and restoration coverage for a year.

Both hospitals are part of the St. Joseph Health System.