While the computer contained records of 4.2 million patients, it is believed that it did not include Social Security Numbers, Health Plan IDs, Medical records, or financial information of any of the patients. Rather, it contained a database of Sutter Physician Services, which provides billing and other administrative services to 21 Sutter units. It included names, addresses, dates of birth, phone numbers, email ids, medical record numbers, and health insurance plans of 3.3 million patients collected from 1995 through January 2011.

This apart the device also contained a database with information on 943,000 patients of Sutter Medical Foundation. While this smaller database included the same demographic details as the larger one, it also had the dates of service, and description of diagnoses and procedures. Sutter Health will soon notify these 943,000 patients whose records contained more extensive information.

In its statement Sutter Health has declared that all laptops and BlackBerries in the facility were already encrypted, and desktop computers were in the process of being encrypted when the theft took place. Following this incident Sutter Health has ramped up security measures implementing routine security updates, reinforcing security practices, and encrypting all computers. While Sutter Health is working with the police on the investigation, and taking corrective action to remediate the situation, a security solution like SecureGRC could have actually prevented such an incident from taking place. Its security monitoring and compliance management capabilities can effectively support an organization’s security policies and ensure complete information safety.

The post PHI Compromised Yet Again- 4.2 Million Records at Stake appeared first on Aegify.