0 comments | Print

Sutter Medical Foundation patients' privacy breached

By Darrell Smith
dvsmith@sacbee.com
Published: Thursday, Nov. 17, 2011 - 12:00 am | Page 6B
Last Modified: Sunday, Nov. 27, 2011 - 11:24 am

A Sutter Medical Foundation computer stolen in mid-October held information on more than 4 million patients, some dating back to 1995, Sutter Health officials said Wednesday.

The information, primarily demographic, but also containing descriptions of medical diagnoses and procedures, was stored on a password-equipped but unencrypted desktop computer in the administrative offices of Sutter Medical Foundation in Natomas, said Sutter Health spokeswoman Nancy Turner.

The breach is immense in its scope.

For 3.3 million patients whose providers are supported by Sutter Physician Services, names, addresses, email addresses, dates of birth, telephone numbers and names of patients' health insurance plans dating from 1995 were contained in the computer's database.

Sutter Physician Services provides billing and managed-care services for health care providers, including those in the Sutter Health network.

The computer contained the same information for 943,000 more Sutter Medical Foundation patients. It also included data on foundation patients from January 2005 to January 2011, such as dates of services and description of medical diagnoses or procedures used for business operations.

The computer was swiped the weekend of Oct. 15, along with monitors and other equipment during a break-in at the foundation's offices on Gateway Oaks Drive. Employees returned to work Oct. 17 to find a broken window and the terminal and other equipment missing. A report was filed with Sacramento police, Turner said.

Sutter Health officials have since hired a private investigator in an attempt to recover the stolen computer, and notified the California Department of Public Health and the U.S. Department of Health and Human Services about the theft and data breach.

State public health officials contacted Wednesday said they were notified, but said they have no jurisdiction over Sutter Medical Foundation and are not investigating the incident.

The Sutter Health network was in the process of encrypting data on its desktop computers, Turner said, but the stolen computer had not yet been processed. The encryption efforts began in 2007, starting with laptops and hand-held devices, before moving to desktops, she said.

Sutter officials said they are "accelerating these efforts" following the October theft.

Encryption technology scrambles computer data, making it more difficult for unauthorized users to access.

Storage of patient data on an unencrypted desktop computer is "unusual, but sometimes necessary" to handle the volume of information, Turner said.

In a letter mailed Wednesday to Sutter Medical Foundation patients, foundation CEO Tom Blinn said, "We deeply regret that this incident has occurred and we are taking steps to prevent this from ever happening again."

Sutter Medical Foundation runs a series of clinics in the Sacramento region. The Foundation network includes Sutter Medical Group, Sutter Independent Physicians and Sutter North Medical Group.

Foundation patients are being notified by mail of the data breach and the steps they should take, which amounts to reviewing their insurance information and contacting their insurance provider.

Sutter officials stressed that the stolen computer did not contain patient financial information or medical records, Social Security numbers or patients' health plan identification numbers.

But that did little to satisfy Sutter patients who wondered why such safeguards were not already in place.

"Don't tell me you're in the process (of encrypting). All computers should be encrypted – period," said Susan Schneidt of Rancho Murieta, who called a Sutter Health information line on Wednesday. "What sensitive personal information is out there? This is not what I went to the doctor for."

Patients concerned about their information can go to Sutter Health's website, www.sutterhealth.org, to find a list of affected health providers or call toll-free at (855) 770-0003 between 8 a.m. and 5 p.m.

Patients will be asked to enter the 10-digit reference code: 7637111511.

© Copyright The Sacramento Bee. All rights reserved.

Read more articles by Darrell Smith



About Comments

Reader comments on Sacbee.com are the opinions of the writer, not The Sacramento Bee. If you see an objectionable comment, click the "Report Abuse" link below it. We will delete comments containing inappropriate links, obscenities, hate speech, and personal attacks. Flagrant or repeat violators will be banned. See more about comments here.

What You Should Know About Comments on Sacbee.com

Sacbee.com is happy to provide a forum for reader interaction, discussion, feedback and reaction to our stories. However, we reserve the right to delete inappropriate comments or ban users who can't play nice. (See our full terms of service here.)

Here are some rules of the road:

• Keep your comments civil. Don't insult one another or the subjects of our articles. If you think a comment violates our guidelines click the "Report Abuse" link to notify the moderators. Responding to the comment will only encourage bad behavior.

• Don't use profanities, vulgarities or hate speech. This is a general interest news site. Sometimes, there are children present. Don't say anything in a way you wouldn't want your own child to hear.

• Do not attack other users; focus your comments on issues, not individuals.

• Stay on topic. Only post comments relevant to the article at hand.

• Do not copy and paste outside material into the comment box.

• Don't repeat the same comment over and over. We heard you the first time.

• Do not use the commenting system for advertising. That's spam and it isn't allowed.

• Don't use all capital letters. That's akin to yelling and not appreciated by the audience.

• Don't flag other users' comments just because you don't agree with their point of view. Please only flag comments that violate these guidelines.

You should also know that The Sacramento Bee does not screen comments before they are posted. You are more likely to see inappropriate comments before our staff does, so we ask that you click the "Report Abuse" link to submit those comments for moderator review. You also may notify us via email at feedback@sacbee.com. Note the headline on which the comment is made and tell us the profile name of the user who made the comment. Remember, comment moderation is subjective. You may find some material objectionable that we won't and vice versa.

If you submit a comment, the user name of your account will appear along with it. Users cannot remove their own comments once they have submitted them.

hide comments
Sacramento Bee Job listing powered by Careerbuilder.com
Quick Job Search
Advanced Job Search | Search by Category
Sacramento Bee Jobs »
Buy
Used Cars
Dealer and private-party ads
Make:

Model:

Price Range:
to
Search within:
miles of ZIP

Search used

Advanced Search | 1982 & Older



Find 'n' Save Daily DealGet the Deal!

Local Deals

Find more great deals!
findnsave.sacbee.com