Eleven class-action lawsuits filed against Sutter Health over a data breach are being consolidated into a single case in Sacramento County Superior Court, the Sacramento Business Journal reports.
The cases are being consolidated to maximize resources and avoid duplication (Robertson, Sacramento Business Journal, 2/29).
The data breach occurred the weekend of Oct. 15, 2011, after a computer was stolen from the Sutter Medical Foundation business office in Sacramento.
A Sutter spokesperson said a computer monitor, keyboard and other equipment went missing. The computer was password-protected, but the data were not encrypted (iHealthBeat, 11/23/11).
Two groups of patients have been affected by the incident.
The first group comprises 3.3 million individuals whose health care providers work with Sutter Physician Services. The stolen data on these patients include names, addresses, birth dates, medical record numbers and health insurance providers.
Meanwhile, data that went missing on 943,000 additional Sutter Medical Foundation patients included the same information, as well as dates that services were provided and descriptions of diagnoses or procedures from January 2005 to January 2011.
Sutter officials said the data do not include patients’ financial records, Social Security numbers or health plan identification numbers (iHealthBeat, 11/17/11).
Details of the Lawsuit
All of the eleven lawsuits seek monetary damages for individuals affected by the breach, as well as a court order requiring Sutter to improve its methods of protecting patient information.
According to the Business Journal, the consolidated case could seek as much as $1,000 for each member of the class-action lawsuit, which could amount to between $944 million and $4.25 billion total, not including attorneys’ fees and court costs.
The Judicial Council of California has yet to assign the consolidated case to a judge (Sacramento Business Journal, 2/29).