A medical information breach that affected thousands of St. Joseph Health System patients in California is the subject of a class-action lawsuit in Sonoma County Superior Court.

The suit was filed April 2 on behalf of two Sonoma County residents who were patients last year at Santa Rosa Memorial Hospital, one of six St. Joseph Health System hospitals where patients were affected.

Earlier this year, St. Joseph officials notified 31,800 patients across the state that their health information mistakenly was made accessible on the Internet for nearly a year. In some cases, the information would have been accessible through a simple Google search of the patient's name.

At Memorial Hospital, 6,235 patients were notified as were 4,263 patients of Queen of the Valley Hospital Napa, two patients of Petaluma Valley Hospital and patients of Southern California hospitals.

The lawsuit, filed by the San Francisco-based law firm Keller Grover, charges St. Joseph violated several sections of the California Confidentiality of Medical Information Act.

The suit says St. Joseph "negligently and unlawfully released" medical information without patient authorization and failed to "implement and maintain appropriate and reasonable security procedures and practices to protect" the information.

St. Joseph officials say they regret the mistake and are doing what they can to ensure patients' are not negatively affected.

According to the suit, Sonoma County resident Deanna DeBaeke, a patient at Memorial Hospital in April 2011, found out about the breach Jan. 24 when she ran an Google search of her name. The search came back with three St. Joseph reports related to her treatment at Memorial.

The suit seeks damages of $1,000 for each of the 31,800 patient. The second plaintiff is Loba Moon, a patient at Memorial in February and March 2011.

Attorneys at Keller Grover could not be reached for comment Monday evening.

St. Joseph said the information inadvertently made public was contained in reports not electronic medical records, which remained secure.

Patient addresses, Social Security numbers or financial information were not included in the reports.

Brian Greene, a spokesman for St. Joseph Health System in Orange, said he knows of no instances where a patient was negatively affected.

"We regret what happened, and we're doing everything we can to make things right," he said.

Greene said St. Joseph is providing, as a precautionary measure, free identity-theft protection services affected patients. For more information, call 1-877-430-5623.

You can reach Staff Writer Martin Espinoza at 521-5213 or martin.espinoza@pressdemocrat.com.