This one is going to hurt, given the size of the data breach.  A password protected laptop with unencrypted data?  There will be lawsuits since allowing this much data to be placed on laptop in an unencrypted form borders on negligence.  Who knows what happened to the data.  Hopefully the thief was looking for hardware and could care less about the data, but being hopeful isn’t a policy solution nor a means of protecting those whose identities might be exposed.

A Sutter Medical Foundation computer stolen in mid-October held information on more than 4 million patients, some dating back to 1995, Sutter Health officials said Wednesday.

The information, primarily demographic, but also containing descriptions of medical diagnoses and procedures, was stored on a password-equipped but unencrypted desktop computer in the administrative offices of Sutter Medical Foundation in Natomas, said Sutter Health spokeswomanNancy Turner.

The breach is immense in its scope.

For 3.3 million patients whose providers are supported by Sutter Physician Services, names, addresses, email addresses, dates of birth, telephone numbers and names of patients’ health insurance plans dating from 1995 were contained in the computer’s database.

http://www.sacbee.com/2011/11/17/4060705/sutter-medical-foundation-patients.html