The sensitive data of 845,000 Sacramento, Calif.-based Sutter Health patients was compromised in a ransomware attack on its online contact-management vendor Welltok, a Virgin Pulse company.
The vendor, which enables Sutter Health to inform patients and members through notifications, told the health system that 845,000 of its patients were affected by a September breach in which a ransomware group attacked a file transfer tool the vendor uses known as MOVEit.
According to a Nov. 3 notice posted on its website, during an investigation into the incident, Sutter Health learned of the data exfiltration, but did not mention what was compromised, only that Social Security numbers and financial information were not affected.
Virgin Pulse is notifying all affected patients.