Skip to main content

Sutter Health Data Breach Investigation | Welltok | Virgin Pulse

The Lyon Firm is investigating the Sutter Health and Welltok data breach for plaintiffs nationwide. The breach allegedly impacted as many as 845,000 individuals. Contact our data breach lawyers to learn more and discuss possible legal action. Our attorneys are working on several related data privacy cases involving the MOVEit file transfer ransomware attack that occurred in May 2023.

What Happened at Sutter Health?

On November 3, 2023, Sutter Health posted notice on its website describing a third-party data breach at Welltok, Inc., a Virgin Pulse company. Sutter explained that the incident resulted in an unauthorized party accessing patient data and personal information. Sutter and Virgin Pulse have begun sending out data breach notification letters to all individuals who may have had their personal information compromised.

Welltok operates an online contact-management platform that enables healthcare clients to provide patients with notices and communications for Sutter. The company concluded that their MOVEit Transfer was compromised in the same attack that impacted hundreds of other organizations and millions of individuals.

If you receive a data breach notification from Sutter or Virgin Pulse, it is important to understand the risks of criminals stealing your personal and health information. Even a small amount of data can be used to engage in various fraud and identity theft schemes.

While the Sutter Health data will vary depending on the individual, the company is warning that names and protected health information may be at risk, in the very least. Welltok has sent out letters to those impacted at St. Bernards Healthcare and Stanford Health Care as well, indicating 89,000 impacted for the former, and 1.6 million for the latter.

More About The Impacted Companies

Sutter Health, based in Sacramento, is a not-for-profit health system operating 24 hospitals and more than 200 clinics in Northern California. Virgin Pulse is a healthcare software company based out of Providence, Rhode Island.

Contact our lawyers to discuss the existing MOVEit class action lawsuit that you may be eligible to join. We believe any company that collects and stores your personal information has a duty to protect it with reasonably secure IT networks. Should any company neglect to invest in proper IT security, they may be held liable for related losses. Call now for a free data theft and personal privacy consultation.