Sutter Health Data Breach (2011)

Sutter Health, a healthcare system in northern California, reported that an unencrypted laptop containing personal information on more than four million patients was stolen from its Sacramento offices. Sutter Health announced Nov. 16 that it first learned of the theft on Oct. 17, reported it to the Sacramento Police Department, and began an internal investigation into the theft. The laptop contained patient names, addresses, dates of birth, phone numbers, email addresses, medical record numbers, and health insurance plan providers on 3.3 million patients who used Sutter Physician Services, a provider of billing services for healthcare providers. The affected healthcare providers include Albany Family Practice, various Alta Bates medical facilities, Central Valley Medical Group, County of Yolo Department of Health, Eden Medical Center, Family Doctor Medical Group, Oakcare Medical Group, San Leandro Hospital, and various Sutter Health facilities. The laptop contained additional information on 943,000 patients of Sutter Medical Foundation (SMF), including dates of service and medical diagnoses and procedures. Patients who were seen by the facility between January 2005 and January 2011 are affected. Because the data of SMF patients was broader in scope, SMF has begun the process to notify these patients by mail. Patients should receive letters no later than Dec. 5, 2011, Sutter Health said. In response to the breach, Sutter Health said it has accelerated efforts to encrypt all computers and has implemented routine security software updates. Sutter Health also will be reinforcing security practices with staff systemwide.