The password-protected but unencrypted machine contained a patient database. Ironically, the Sacramento, Calif.-based healthcare organization had been implementing encryption across the organization at the time of the theft. Unfortunately, the machine that was stolen was not yet encrypted.
"Sutter Health holds the confidentiality and trust of our patients in the highest regard, and we deeply regret that this incident has occurred," Pat Fry, president and CEO of Sutter Health, said in a statement. "The Sutter Health Data Security Office was in the process of encrypting computers throughout our system when the theft occurred, and we have accelerated these efforts."
The machine was stolen from the Sacramento offices during the weekend of Oct. 15. The healthcare firm discovered the theft on Monday, Oct. 17, and reported it to the Sacramento Police Department. The database included names, addresses, dates of birth, phone numbers, email addresses, medical record numbers, and health insurance plan providers, between 1995 and January 2011, of 3.3 million patients under Sutter Physician Services. SPS provides managed care services and billing for healthcare providers.