SACRAMENTO, Calif. — Sacramento-based healthcare giant Sutter Health announced a ransomware attack Friday potentially impacting the personal information of more than 845,000 patients.
According to Sutter, a vendor that provides an online contact management platform for the healthcare company was affected by a "MOVEit" ransomware attack between May 30 and May 31.
The vendor, Welltok Inc., reported the attack to Sutter through the vendor's parent company Virgin Pulse on Sept. 22. Based on Virgin Pulse's internal investigation, attackers were able to exfiltrate data from the "MOVEit" transfer server.
Virgin Pulse told Sutter that social security numbers and financial information weren't impacted by the attack.
Virgin Pulse has mailed letters to all patients who were impacted by the attack. The letters included information on available services, resources and recommendations for patients to monitor any inappropriate use of their personal information.
The company has set up a dedicated assistance line for impacted patients at 800-628-2141.
In a statement, Sutter Health said that Virgin Pulse applied patching, took mitigation steps and conducted an internal investigation with help from a third-party cyber security specialist to assess the security of data housed on its server.
Watch more from ABC10: New technology in your car might be creating a 'privacy nightmare' | Dollars & Sense