A class action lawsuit has reportedly been filed against the Californian health company known as Sutter Health after personal information relating to millions of patients went missing.
The lawsuit, which was filed in Sacramento Superior Court by representatives of some of the US citizens affected by the data breach, accuses Sutter Health of negligence in securing its computer systems. It also criticises the Northern California-based company for the way it notified victims of the incident.
The data is believed to have gone missing on 17th October 2011, when an unencrypted desktop computer was stolen from the premises. This computer was said to have contained personal records for around 4.2 million patients, most of whom weren’t informed of the data breach until around a month after it had occurred.
Sutter Health, which will need to rely on its professional indemnity insurance to fight the case, has not commented on the lawsuit so far. However, in a notice of explanation to patients recently, it stated:
“[Sutter] has already encrypted portable laptops and BlackBerrys systemwide, and was in the process of encrypting desktop computers throughout the system when the theft took place,”