Helpful Articles

Console & Associates, P.C.: Sutter Health Data Breach Investigation Reveals MOVEit-Related Leak Affects 845,000

The Sutter Health data breach investigation has revealed hackers have stolen the data of as many as 845,000 people, according to a notice the company posted on November 3, 2023. This notice details how Welltok, a Sutter Health vendor and Virgin Pulse company experienced a data breach related to the MOVEit software tool in May, 2023. This compromised the private information of Welltok's clients, namely Sutter Health.

Since then, the involved companies have been sending notifications to victims of the Sutter Health data breach. Investigation into the leak has revealed exactly what information different patients have lost, which mostly consists of protected health information and personal identifiable information. After reviewing your letter, refer to our Guide for Victims of Data Breaches to take proactive steps to protect yourself. 

From there, reach out to the Sutter Health data breach lawyers at the law firm of Console & Associates, P.C. to consider if a lawsuit might be the right option for you. Send us an email to or call 866-778-5500 to schedule a free consultation. 

To learn more about the Sutter Health data breach, read our blog post here:

What Caused Sutter Health Data Breach?

The Sutter Health data breach investigation only recently became public knowledge, and more information is likely on the way. However, there's a good deal we know about the leak thanks to Sutter Health's November 3, 2023 website notice on the breach. The beginning of the breach goes back to late May of the same year, when it became apparent that there was a vulnerability in the MOVEit file transfer tool. 

The breach lasted from May 30 to 31st, 2023, at which point Progress Software quickly launched a patch to secure the leak. However, hackers had already done the damage and stolen the data of tens of millions of individuals from dozens, if not hundreds of companies. Virgin Pulse, Welltok, and Sutter Health are three of the latest additions to this massive breach. 

Further details are lacking, as it's unclear exactly when Virgin Pulse's Sutter Health data breach investigation reached its conclusion. By November 3, 2023, though, Sutter Health was able to post a notice of the leak and inform patients. This notice stated that people’s names and various types of protected medical information were at risk. 

According to the notice, Virgin Pulse had already begun sending letters to victims of the breach. If you receive such a letter, you should consider a Sutter Health data breach lawsuit to obtain compensation for the risks and stress that come with theft of your personal data. 

Background on Sutter Health, Welltok, and Virgin Pulse

Sutter Health is a century-old, not-for-profit health system with operations and headquarters in Northern California. The system operates 24 hospitals and over 200 clinics, with a workforce of more than 51,000 and roughly $14.8 billion in annual revenue. 

Sutter Health relies on Welltok as a third-party vendor. Welltok is part of Virgin Pulse, a healthcare software company centered in Providence, Rhode Island. Virgin Pulse has around 2,000 employees and an annual revenue of around $385 million. 

While large companies aren't always at fault for data breaches, they can be. At the law firm of Console & Associates, P.C., our Sutter Health data breach lawyers are at work to identify if corporate negligence played a role in this breach. 

If this breach was preventable, a Sutter Health data breach lawsuit could be the right step for you. It could entitle you to compensation for damages, emotional distress, and lost time related to your stolen information. Set up a free consultation by sending us an email to or calling 866-778-5500 to find out more. 

About the Author
Richard Console
Posted - 11/16/2023