Computer With Patient Database Stolen From Sutter Medical Foundation
SACRAMENTO (CBS13) -- A company-issued desktop computer with patient information was stolen from Sutter Medical Foundation's administrative offices in Sacramento the weekend of Oct. 15, the health group announced Wednesday.
Information on nearly 4.3 million patients was included in a database on the computer, the health group said. The computer stolen was password-protected but unencrypted, the health group said. Encryption technology scrambles a computer's data in a way that makes it difficult for an unauthorized user to retrieve the information.
After the discovery of the theft, Sutter Health immediately reported it to the Sacramento Police Department and began an internal investigation. The computer did not contain patient financial records, Social Security numbers, patients' health plan identification numbers or medical records.
However, while no medical records themselves were on the computer, some medical information was included for a portion of patients.
After an internal review, Sutter Health discovered that the stolen computer contained a database that included two types of information. According to a press release from the health group:
- For approximately 3.3 million patients whose health care provider is supported by Sutter Physician Services, the database included the following patient demographic information dated from 1995 to January 2011: name, address, date of birth, phone number and email address (if provided), medical record number and the name of the patient's health insurance plan. SPS is an organization that provides billing and managed care services for health care providers with which it contracts, including facilities within the Sutter Health network. Patients who think they may be affected should visit www.sutterhealth.org/noticeforpatients to see the list of impacted health care providers.
- For about 943,000 Sutter Medical Foundation patients, the database contained the above demographic data as well as the following information dated from January 2005 to January 2011: dates of services and a description of medical diagnoses and/or procedures used for business operations. Because the data of SMF patients was broader in scope, the health group said it has begun the process to notify these patients by mail. Patients should receive letters no later than Dec. 5.
Sutter Health has established a toll-free help line to answer questions and assist patients in determining whether their data was on the computer. Any concerned patients can call toll-free at (855) 770-0003, Monday through Friday from 8 a.m. to 5 p.m.. When prompted, patients should enter this 10-digit reference code: 7637111511.
"Sutter Health holds the confidentiality and trust of our patients in the highest regard, and we deeply regret that this incident has occurred," said Sutter Health President and CEO Pat Fryin a prepared statement. "The Sutter Health Data Security Office was in the process of encrypting computers throughout our system when the theft occurred, and we have accelerated these efforts."
Sutter Health said it is also reinforcing security practices across its system.
