.

Computer Stolen From Sutter Health Contained Patient Info From Bay Area Hospitals

Sutter says some patient information from San Leandro Hospital and Eden Medical Center and more than was breached. The incident is so serious that nearly a million patients will be notified by mail.

said Wednesday that a desktop computer containing data for 4.24 million patients was stolen from its headquarters in Sacramento over the weekend.

In a press release issued Wednesday Sutter said no Social Security numbers were kept on the stolen computer, which was not protected by encryption software.

But for nearly 1 million patients the data loss was serious enough that Sutter said they will be notified by mail.

The affected local facilities include and , as well as the Alta Bates Summit Medical Center in Berkeley, the Sutter East Bay Medical Foundation, which represents more than 200 health providers in 10 East Bay cities and almost two dozen more.

The information that was compromised was collected between 1995 and January 2011.

Sutter identified two classes of patient data affected by the breach.

For 3.3 million patients the following information was lost: Name, address, date of birth, phone number, email address (if provided), medical record number and the name of the patient’s health insurance plan.

Another 943,000 Sutter Medical Foundation patients were victims of a more serious data breach.

In addition to the information listed above, the lost data included the dates of service and descriptions of medical diagnoses and/or procedures used.

Sutter said these 943,000 patients would be notified by mail no later than Dec. 5 because the data loss in their case was "broader in scope."

Karen Barney, a spokeswoman for the nonprofit Identity Theft Resource Center in San Diego, explained why.

With a list of email addresses, identity thieves could go phishing —  that means trying to trick the recipient of a message into divulging Social Security and/or bank account numbers.

"The more information you give a predator the easier it is for them to trick you into thinking they are legit," Barney said.

Therefore if phishers get data about the dates and nature of treatments affecting this second group of patients, they would be in a better position to pull off a data theft, she said.

Sutter has established a toll-free helpline to answer questions and to help patients determine whether their data was included. Call (855) 770-0003 on weekdays from 8 a.m. to 5 p.m. 

When prompted, patients should enter this 10-digit reference code: 7637111511.

In addition to the two local hospitals, Sutter said the affected facilities include:

  • Albany Family Practice
  • Alta Bates Medical Associates
  • Alta Bates Medical Group
  • Alta Bates Summit Medical Center
  • Central Valley Medical Group
  • County of Yolo Department of Health
  • Family Doctor Medical Group
  • Oakcare Medical Group
  • Sutter Amador Hospital
  • Sutter Coast Hospital
  • Sutter East Bay Medical Foundation
  • Sutter Express Care
  • Sutter Gould Medical Foundation
  • Sutter Independent Physicians
  • Sutter Lakeside Hospital
  • Sutter Medical Centers of Sacramento
  • Sutter Medical Center of Santa Rosa
  • Sutter Medical Foundation
  • Sutter Pacific Medical Foundation

Sutter Chief Executive Officer Patrick Fry expressed his regrets for the breach and said steps have already been taken to make sure it never happens again.

The theft is being investigated by Sacramento police.

Sophie November 17, 2011 at 02:21 PM
I am pretty certain my info was in those records having been a pt at two of the facilities mentioned. I know that Sutter does not want employees to keep PHI on lap tops but rather save them to company files. This sounds like an employee issue. None-the-less, it should not have happened, and I hope that meaningful steps have been taken to prevent further breaches. Also imagine the cost of mailing a million letters! I can't wait to see what pitiful excuses are going to be in mine!
Fran November 17, 2011 at 04:01 PM
4.24 million patients. And I don't beleive social security numbers were not compromised. I'll be waiting for a letter also.
Creek Diva November 18, 2011 at 12:23 AM
Lovely. Summit East Bay Medical Center Orinda, don't you mean Oakland?
Kari Hulac November 18, 2011 at 03:40 PM
My mistake Creek Diva. We meant the Sutter East Bay Medical Foundation, which has dozens of East Bay offices, including Orinda. Thanks for pointing that out.
Creek Diva November 18, 2011 at 04:23 PM
@Kari, no problem with all the similar sounding names, it can get confusing. Thanks for the heads up! I'll be calling today to ask, crossing my fingers I'm not on that list.

Boards

More »
Got a question? Something on your mind? Talk to your community, directly.
Note Article
Just a short thought to get the word out quickly about anything in your neighborhood.
Share something with your neighbors.What's on your mind?What's on your mind?Make an announcement, speak your mind, or sell somethingPost something
See more »