$1B suit filed against Sutter Health over data breach

The theft of a  computer during a break-in in October has spurred a $1B class action lawsuit against Sutter Health, according to a report published today by the Sacramento Bee. The computer contained data on more than 4 million patients.

[See also: Room for improvement on security, HIMSS survey shows]

The suit was filed Nov. 21 in Sacramento Superior Court.

In a news release posted online by the Sacramento-based health system on Nov. 16, Sutter officials detailed the findings of its investigation into the theft and offered an apology.

[See also: 6 best ways to protect against health data breaches]

“Sutter Health holds the confidentiality and trust of our patients in the highest regard, and we deeply regret that this incident has occurred,” said Sutter Health President and CEO Pat Fry. “The Sutter Health Data Security Office was in the process of encrypting computers throughout our system when the theft occurred, and we have accelerated these efforts.”

Sutter Physicians Services (SPS) and Sutter Medical Foundation (SMF) – two affiliates within the Sutter Health network of care – announced the theft of a company-issued password-protected unencrypted desktop computer from SMF’s administrative offices in Sacramento the weekend of Oct. 15, 2011.

“Following discovery of the theft, Sutter Health immediately reported it to the Sacramento Police Department,” Sutter officials stated. “It also began an internal investigation. The computer did not contain patient financial records, social security numbers, patients’ health plan identification numbers or medical records. While no medical records themselves were on the computer, some medical information was included for a portion of patients.”

Sutter’s news release noted the investigation revealed that the computer contained two types of patient information: