Sacramento, Calif.-based Sutter Health is notifying patients of a potential data breach after a former employee emailed electronic versions of billing documents to a personal account without authorization. The incident compromises the information of 2,582 patients.
Sutter Health learned of the incident after conducting a review of the former employee's email activity and computer access. The system initiated the review Aug. 27after learning of alleged improper conduct by the former employee. The former employee worked for Sutter Physician Services, which handles billing for the system's physician medical foundations.
Affected electronic information includes patient names, birth dates, insurance identification number, date of service and billing code. One patient's driver's license number was compromised, and one patient's Social Security number and driver's license number were compromised.
According to Sutter, the incident occurred April 26, 2013.
The system said it has no evidence any of the patient information was used or disclosed to outside parties.
"Our patients trust us to provide their care and protect their privacy. We believe protecting patients' health information is the responsibility of every employee. We require employees to sign confidentiality agreements. In addition, we train them to follow privacy and information security policies and regulations. We deeply regret this incident occurred," said Stephen Lockhart, MD, PhD, CMO of Sutter Health.
More articles on data breaches:
888 breaches hit in 2015 thus far: 10 things to know
UCLA Health cleared in $1.25M data breach lawsuit
19 latest healthcare data breaches