Individuals in the US affected by a data breach at Sutter Health have filed a class-action lawsuit against the Northern California-based company, according to a report in The Sacramento Bee.
The suit, filed Monday in Sacramento Superior Court, contends that the company was negligent in securing its computer systems and in notifying victims about the incident.
On 17 October the personal information of 4.2 million patients went missing due to the theft of an unencrypted desktop computer. Affected patients were not alerted until about a month later.
The report, citing a Sutter spokesman, said the company wouldn't comment on the lawsuit but that it needed time to investigate the incident before notifying those affected. Last week, the company said it would expedite plans to encrypt all desktops.
"[Sutter] has already encrypted portable laptops and BlackBerrys systemwide, and was in the process of encrypting desktop computers throughout the system when the theft took place," a notice to patients said.