Northern California-based healthcare system Sutter Health has disclosed that 845,441 patients had their personal data exposed after its third-party communications firm Virgin Pulse was impacted by the widespread MOVEit file transfer system hack conducted by the Cl0p ransomware operation.
Sutter Health was initially notified by Virgin Pulse regarding the compromise on Sept. 22, with a final report provided on Oct. 24 revealing that the health, well-being, and navigation platform had its MOVEit server infiltrated from May 30 to 31, according to Sutter Health.
While attackers may have been able to access patients’ names, birthdates, provider names, health insurance data, treatment cost details, diagnosis, and treatment information, Sutter Health assured that no financial details and Social Security numbers have been compromised.
Such a development comes months after California Public Employees’ Retirement System, the largest pension fund across the U.S., and California State Teachers Retirement System confirmed being impacted by the MOVEit hack.
Customers impacted by the data breach should have been notified by Virgin Pulse by mail. Anyone who was impacted can call Virgin Pulse at (800) 628-2141 between 6 a.m. and 8 p.m. during the week and between 8 a.m. and 5 p.m. on the weekends.