The Sacramento Bee reports on a medical data security breach that affects more than 4 million patients:
A Sutter Medical Foundation computer stolen in mid-October held information on more than 4 million patients, some dating back to 1995, Sutter Health officials said Wednesday.
The information, primarily demographic, but also containing descriptions of medical diagnoses and procedures, was stored on a password-equipped but unencrypted desktop computer in the administrative offices of Sutter Medical Foundation in Natomas, said Sutter Health spokeswoman Nancy Turner. […]
For 3.3 million patients whose providers are supported by Sutter Physician Services, names, addresses, email addresses, dates of birth, telephone numbers and names of patients’ health insurance plans dating from 1995 were contained in the computer’s database. […]
The computer contained the same information for 943,000 more Sutter Medical Foundation patients. It also included data on foundation patients from January 2005 to January 2011, such as dates of services and description of medical diagnoses or procedures used for business operations.
The computer was swiped the weekend of Oct. 15, along with monitors and other equipment during a break-in at the foundation’s offices on Gateway Oaks Drive. Employees returned to work Oct. 17 to find a broken window and the terminal and other equipment missing. A report was filed with Sacramento police, Turner said. […]
The Sutter Health network was in the process of encrypting data on its desktop computers, Turner said, but the stolen computer had not yet been processed. The encryption efforts began in 2007, starting with laptops and hand-held devices, before moving to desktops, she said.