An Important Notice for Patients Regarding Stolen Computer
Wednesday, Nov. 16, 2011
During the weekend of Oct. 15-16, 2011, a password-protected unencrypted desktop computer was stolen from Sutter Medical Foundation’s administrative offices in Sacramento. Sutter Health learned of the theft on Monday, Oct. 17, 2011, immediately reported it to the Sacramento Police Department, and began a thorough internal investigation.
The computer did not contain patient financial records, social security numbers, patients’ health plan identification numbers or medical records. While no medical records were contained, some personal medical information was included for a portion of patients.
Sutter Health holds the confidentiality and trust of our patients in the highest regard, and we deeply regret that this incident has occurred. Please know these details:
- For approximately 3.3 million patients whose health care provider is supported by Sutter Physician Services (SPS), the database included only the following demographic information dated from 1995 to January 2011: name, address, date of birth, phone number and email address (if provided), medical record number and the name of the patient’s health insurance plan. SPS is an organization that provides billing and managed care services for health care providers with which it contracts, including facilities within the Sutter Health network.
The impacted health care providers include:
- Albany Family Practice
- Alta Bates Medical Associates
- Alta Bates Medical Group
- Alta Bates Summit Medical Center
- Central Valley Medical Group
- County of Yolo Department of Health
- Eden Medical Center
- Family Doctor Medical Group
- Oakcare Medical Group
- San Leandro Hospital
- Sutter Amador Hospital
- Sutter Coast Hospital
- Sutter East Bay Medical Foundation
- Sutter Gould Medical Foundation
- Sutter Independent Physicians
- Sutter Lakeside Hospital
- Sutter Medical Center, Sacramento
- Sutter Medical Center of Santa Rosa
- Sutter Medical Foundation
- Sutter Pacific Medical Foundation
- Sutter Select
- For approximately 943,000 Sutter Medical Foundation (SMF) patients, the database contained the above demographic data as well as the following information dated from January 2005 to January 2011: dates of services and a description of medical diagnoses and/or procedures used for business operations. Because the data of SMF patients was broader in scope, SMF has begun the process to notify these patients by mail. Patients should receive letters no later than Dec. 5, 2011.
What We’re Doing
Sutter Health has established a toll-free helpline to answer questions and assist patients in determining whether their data was included. Any concerned patients can call toll-free at 1-855-770-0003, Monday through Friday from 8 a.m. to 5 p.m. PST. When prompted, patients should enter this 10-digit reference code: 7637111511.
The Sutter Health Data Security Office has already encrypted portable laptops and blackberries systemwide, and was in the process of encrypting desktop computers throughout the system when the theft took place. Sutter Health has since accelerated its efforts to encrypt all computers and has implemented routine security software updates. Encryption technology scrambles each computer’s data in a way that makes it very difficult for an unauthorized user to retrieve the information. Sutter Health also will be reinforcing security practices with staff systemwide.
What Patients Can Do
While there were no health insurance policy numbers on the computer, as a precaution we still encourage patients to always review their explanation of benefits and other correspondence from their insurance carrier and to report any suspicious activity immediately