After a laptop computer was stolen in October, Sacramento, California’s Sutter Health is informing over 3.3 million patients that information in their records is presumed stolen. The upside is that no financial information was lost, and the company used the notification delay to fix a major mistake.
The missing data was stored on a “password-protected unencrypted desktop computer” that was stolen towards the middle of October. One month later, Sutter Physician Services (SPS) and Sutter Medical Foundation (SMF) are coming forward with a mia culpa.
Sutter is reporting that for 3.3 million patients whose health care provider is supported by SPS, the stolen system included their name, address, date of birth, phone number and email address (if provided), medical record number and the name of the patient’s health insurance plan.
Another 943,000 SMF patients lost the exact same information, in addition to details on dates of services and a description of medical diagnoses and/or procedures used for business operation. SMF patents should be receiving notifications in the mail soon.
The medical groups said that they “worked hard” to notify patients sooner, but they “wanted to make sure we fully understood what data was contained on the stolen computer” in order to give comprehensive and accurate information.
In response to the theft, Sutter Health Data Security Office has already encrypted portable laptops and blackberries system wide.
According to a statement, they were “…in the process of encrypting desktop computers throughout the system when the theft took place. We have since accelerated our efforts to encrypt all computers and have implemented routine security software updates.”
“Sutter Health holds the confidentiality and trust of our patients in the highest regard, and we deeply regret that this incident has occurred,” said Sutter Health President and CEO Pat Fry.