Sutter Health said Tuesday that a company-issued password-protected unencrypted desktop computer that has millions of customer data files was stolen from the SMF's administrative offices in Sacramento this past weekend.
Once the company, which is based in Northern California, discovered that the computer was stolen it immediately reported it to the Sacramento Police Department and began an internal investigation.
Sutter Health said that the computer did not contain patient financial records, social security numbers, patients' health plan identification numbers or medical records.
But they said that while no medical records themselves were on the computer, some medical information was included for a portion of patients.
Sutter Health announced that following a thorough internal review they discovered that the stolen computer held a database that included two types of information including patients’ demographic information dated from 1995 to January 2011 as well as dates of services and a description of medical diagnoses and procedures used for business operations dated from January 2005 to January 2011.
The information Sutter Health provided can be found below:
1. For approximately 3.3 million patients whose health care provider is supported by Sutter Physician Services (SPS), the database included only the following patient demographic information dated from 1995 to January 2011: name, address, date of birth, phone number and email address (if provided), medical record number and the name of the patient's health insurance plan. SPS is an organization that provides billing and managed care services for health care providers with which it contracts, including facilities within the Sutter Health network. Patients who think they may be affected should visit www.sutterhealth.org to see the list of impacted health care providers.
2. For approximately 943,000 SMF patients, the database contained the above demographic data as well as the following information dated from January 2005 to January 2011: dates of services and a description of medical diagnoses and/or procedures used for business operations. Because the data of SMF patients was broader in scope, Sutter Medical Foundation has begun the process to notify these patients by mail. Patients should receive letters no later than Dec. 5.
If any patients are concerned that their information may have been in that computer they can call the toll free help like that Sutter Health established to answer questions and assist patients to determine whether their information was on the computer.
They can get this information by calling (855) 770-0003, Monday through Friday from 8 a.m. to 5 p.m. PST using the 10-digit reference code: 7637111511.
But patients should not be too concerned as the computer is password protected with encrypted technology which “scrambles each computer's data in a way that makes it very difficult for an unauthorized user to retrieve the information.”
"Sutter Health holds the confidentiality and trust of our patients in the highest regard, and we deeply regret that this incident has occurred," said Sutter Health President and CEO Pat Fry.
"The Sutter Health Data Security Office was in the process of encrypting computers throughout our system when the theft occurred, and we have accelerated these efforts."