(FOX40.COM) –Hundreds of thousands of Sutter Health patients may be at risk of a hacker having access to their personal information after a data breach within the hospital’s systems was revealed.
Sutter Health sent notices on Nov. 3 saying that one of its vendors was affected by a ransomware attack. The vendor is a file transfer tool called MOVEit, and its breach of security led to an unauthorized user potentially extracting Sutter Health patient information.
A company called Virgin Pulse (WellTok) reportedly helps Sutter Health provide patients and members with important notices and communications. Based on Virgin Pulse’s investigation findings, an estimated 845,441 Sutter Health patients may be impacted. Although some personal information was exposed, the company confirmed the incident did not impact social security numbers and financial information.
Sutter Health said it was first notified about the attack on Sept. 22. Virgin Pulse confirmed it worked with the assistance of third-party cybersecurity specialists to remedy the breach and determine the potential impact of the system’s vulnerabilities.
Virgin Pulse stated that the investigation determined an unknown user exploited vulnerabilities, accessed MOVEit between May 30 and May 31, and exfiltrated data from the MOVEit Transfer server. On Oct. 24 Welltok said it provided Sutter Health with a final report on its investigation.
All impacted patients were reportedly notified of the incident by Virgin Pulse via mailed letters that included available services, resources, and recommendations for patients to monitor any potential inappropriate use of their personal information.
Impacted patients can also call the dedicated assistance line set up by Virgin Pulse at 800-628-2141.