Sutter Health will face a class-action lawsuit regarding the Californian health system's largest data breach that involved the personal information of 4.24 million patients.
After a desktop computer was stolen in October, Sutter Health immediately reported the theft to police, as well as conducted an internal investigation, FierceHealthcare noted. Although the computer was password-protected, the stolen records were not encrypted, the health system said.
But Sutter's actions have not appeased everyone, especially Karen Pardieck who filed the suit in Sacramento Superior Court last Monday on behalf of almost 944,000 patients, reports the Sacramento Bee. According to the lawsuit, Sutter Health was negligent in protecting its computers and data and waited too long to notify the affected patients.
"If there's proprietary information in their files, they have a financial interest to make sure security is of the utmost importance," attorney Robert Buccola of the firm Dreyer Babich Buccola Wood LLP, which filed the suit, told the Sacramento Bee.
The health system maintained that it conducted a detailed, complicated process of informing the millions of patients, in which a team had to first identify what information was on the stolen computer before it could start notifying anyone.
The suit seeks $1,000 for each member of the class plus attorneys' fees.
For more information:
- read the Sacramento Bee article
- here's the FierceHealthcare article on the breach