A desktop computer stolen from healthcare organization Sutter Medical Foundation has potentially exposed the personal information of nearly 4 million patients.

The password-protected but unencrypted machine contained a patient database. Ironically, the Sacramento, Calif.-based healthcare organization had been implementing encryption across the organization at the time of the theft. Unfortunately, the machine that was stolen was not yet encrypted.

"Sutter Health holds the confidentiality and trust of our patients in the highest regard, and we deeply regret that this incident has occurred," Pat Fry, president and CEO of Sutter Health, said in a statement. "The Sutter Health Data Security Office was in the process of encrypting computers throughout our system when the theft occurred, and we have accelerated these efforts."

The machine was stolen from the Sacramento offices during the weekend of Oct. 15. The healthcare firm discovered the theft on Monday, Oct. 17, and reported it to the Sacramento Police Department. The database included names, addresses, dates of birth, phone numbers, email addresses, medical record numbers, and health insurance plan providers, between 1995 and January 2011, of 3.3 million patients under Sutter Physician Services. SPS provides managed care services and billing for healthcare providers.

Read the rest of this article on Dark Reading.

The new InformationWeek Healthcare supplement explains how the most astute healthcare providers are putting those billions of dollars in federal stimulus funds to productive use. Download the supplement now. (Free registration required.)