Encryption, Breach, Mobile

Lawsuits in Sutter Health breach to be rolled into one

March 8, 2012
Following the theft of a computer from Sutter Health in October that put the personal information of more than 4.2 million patients at risk, 11 class-action lawsuits were filed against the Sacramento, Calif.-based nonprofit, which provides billing and managed care services for various health care providers.

Now, those complaints are likely to be merged into a single case in Superior Court in Sacramento to expedite the proceedings, according to a report last week in the Sacramento Business Journal

For consolidation to happen, a common theme must be determined within each of the cases. But that is expected as all contend that Sutter was negligent in securing its computer systems and did not notify victims in a timely manner.

The suits seek monetary damages and demand that Sutter improve its policies to protect patient information.

A database on the stolen computer housed the names, addresses, birth dates, phone numbers and medical record numbers of 3.3 million patients of Sutter Physician Services. Also included were the names of the patient's health insurance plan. The same details of another 943,000 patients of the Sutter Medical Foundation also were compromised.

Sutter elected to notify the 943,000 instead of the others because the information about them was "broader in scope."

The data was not encrypted, though a month after the theft, in a notice to patients, Sutter said it "has already encrypted portable laptops and BlackBerries systemwide, and was in the process of encrypting desktop computers throughout the system when the theft took place."

Sutter has hired Bartko, Zankel, Tarrant & Miller, a 30-lawyer San Francisco firm, to represent the company.

Neither counsel nor a representative from Sutter was available for comment.

prestitial ad