Sutter Physicians Services (SPS) and Sutter Medical Foundation (SMF), a Sacramento, Calif.-based multi-specialty care provider, is the target of an expensive lawsuit because of a Mid-October Data Breach. The breach, which was announced in November and occurred in October, happened when a company-issued password-protected unencrypted desktop computer was stolen from SMF’s administrative offices.
The Sacramento Bee, the suit was filed by Dreyer Babich Buccola Wood, LLP, on behalf of plaintiff Karen Pardieck of Folsom, Calif. The suit seeks $1,000 for each patient as well as attorney fees.
According to Sutter, for 3.3 million patients affected patients, the stolen database included only the following patient demographic information dated from 1995 to January 2011: name, address, date of birth, phone number and email address (if provided), medical record number and the name of the patient’s health insurance plan.
For approximately 943,000 SMF patients, the database contained the above demographic data as well as the following information dated from January 2005 to January 2011: dates of services and a description of medical diagnoses and/or procedures used for business operations. Because the data of SMF patients was broader in scope, Sutter Medical Foundation has notified these patients by mail.
This was the largest data breach at Sutter. Much of the data was unencrypted.