Sutter Health reported that a computer with personal medical information for 4.24 million patients was stolen in October.
The computer did not include patient medical records, financial records, Social Security numbers or health plan identification numbers, according to a
news release from the Sacramento, Calif.-based system.
The computer stored data for about 3.3 million patients who belong to
21 providers contracted with Sutter Physician Services, a billing and managed-care services provider. The providers are located in Northern California.
The data stored on the stolen computer included patients' name, address, date of birth, phone number, e-mail address, medical record number and the name of their insurance plan, from 1995 to January 2011.
About 943,000 patients from the Sutter Medical Foundation also were affected. For Sutter Medical patients, the same data, as well as dates of services, a description of medical diagnoses and/or procedures used for business operations, was stored on the stolen computer. The data was collected from January 2005 to January 2011.
Sutter said it will mail notifications to Sutter Medical Foundation patients by Dec. 5. A Sutter Health spokeswoman said the system is not planning to notify the 3.3 million patients directly.
"Sutter Health holds the confidentiality and trust of our patients in the highest regard, and we deeply regret that this incident has occurred," Sutter Health President and CEO Pat Fry said in the release.
The theft occurred at Sutter Medical Foundation's administrative offices in Sacramento during the weekend of Oct. 15-16, according to the 23-hospital system. The desktop computer was password-protected but unencrypted; Sutter said in the news release that the data security office was in the process of encrypting desktop computers when the theft occurred.
