DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Breaking: Sutter Health reports stolen desktop contained data on 4.2 million patients

Posted on November 16, 2011 by Dissent

Statement from Sutter Health today:

Sutter Physicians Services (SPS) and Sutter Medical Foundation (SMF) — two affiliates within the Sutter Health network of care — announced the theft of a company-issued password-protected unencrypted desktop computer from SMF’s administrative offices in Sacramento the weekend of Oct. 15, 2011. Following discovery of the theft, Sutter Health immediately reported it to the Sacramento Police Department. It also began an internal investigation. The computer did not contain patient financial records, social security numbers, patients’ health plan identification numbers or medical records. While no medical records themselves were on the computer, some medical information was included for a portion of patients.

Following a thorough internal review, Sutter Health discovered that the stolen computer held a database that included two types of information:

  1. For approximately 3.3 million patients whose health care provider is supported by Sutter Physician Services (SPS), the database included only the following patient demographic information dated from 1995 to January 2011: name, address, date of birth, phone number and email address (if provided), medical record number and the name of the patient’s health insurance plan. SPS is an organization that provides billing and managed care services for health care providers with which it contracts, including facilities within the Sutter Health network. Patients who think they may be affected should visitwww.sutterhealth.org/noticeforpatients to see the list of impacted health care providers.
  2. For approximately 943,000 SMF patients, the database contained the above demographic data as well as the following information dated from January 2005 to January 2011: dates of services and a description of medical diagnoses and/or procedures used for business operations. Because the data of SMF patients was broader in scope, Sutter Medical Foundation has begun the process to notify these patients by mail. Patients should receive letters no later than Dec. 5.

Sutter Health has established a toll-free help line to answer questions and assist patients in determining whether their data was on the computer. Any concerned patients can call toll-free at (855) 770-0003, Monday through Friday from 8 a.m. to 5 p.m. PST. When prompted, patients should enter this 10-digit reference code: 7637111511.

“Sutter Health holds the confidentiality and trust of our patients in the highest regard, and we deeply regret that this incident has occurred,” said Sutter Health President and CEO Pat Fry. “The Sutter Health Data Security Office was in the process of encrypting computers throughout our system when the theft occurred, and we have accelerated these efforts.”

Encryption technology scrambles each computer’s data in a way that makes it very difficult for an unauthorized user to retrieve the information. Sutter Health is also reinforcing security practices across its system.

More to follow….

Corrected headline to reflect desktop and not laptop. 

Category: Health Data

Post navigation

← Computer IDs, passwords of Japan lawmakers leaked
Breaking: Sutter Health reports stolen desktop contained data on 4.2 million patients →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • Class action settlement following ransomware attack will cost Fred Hutchinson Cancer Center about $52 million
  • Comstar LLC agrees to corrective action plan and fine to settle HHS OCR charges
  • Australian ransomware victims now must tell the government if they pay up
  • U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams
  • Victoria’s Secret takes down website after security incident
  • U.S. Government Employee Arrested for Attempting to Provide Classified Information to Foreign Government
  • St. Cloud Provides Update on Ransomware Attack in 2024
  • Bradford Health Systems detected abnormal network activity in December 2023. They first sent out breach notices this week.

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent
  • Trump Taps Palantir to Compile Data on Americans
  • The US Is Storing Migrant Children’s DNA in a Criminal Database

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.