Impact & Downstream Threats
This breach carries high risk due to the nature of exposed data fields and the scale of affected records.
- SIM swap attacks where phone numbers are present
- Targeted phishing campaigns using exposed email addresses
- Doxxing risk from physical address exposure
- Medical identity fraud or insurance abuse using health data
Breach Intelligence
Executive Summary
In May 2023, Northern-California hospital giant , Sutter Health, saw the personal and medical details of more than , 845,000 patients, siphoned off after its patient-engagement vendor , Welltok (doing business as Virgin Pulse), was compromised during the massive , MOVEit Transfer zero-day, campaign attributed to the , Cl0p ransomware gang, . The trove-later uploaded to an underground breach marketplace in December 2024 at roughly , 1.46 million database rows, -contained highly sensitive protected-health information (PHI). ,
, What was exposed, ,
, Attackers made off with full names, home addresses, phone numbers, email addresses, dates of birth, insurance-provider details, doctor names, treatment and diagnosis codes, as well as clinical metrics such as weight and blood-pressure readings-enough data to assemble a cradle-to-grave medical dossier on every affected patient. Unlike many healthcare incidents, Social Security and payment-card numbers were , not, in the Welltok dataset, but security experts warn that the breadth of PHI is still more than sufficient for targeted medical identity theft and extortion schemes. ,
, How the breach happened, ,
About Sutter Health
Healthcare system and provider.
Data Points Exposed
Dark Web Verification
Status: Confirmed
- Dataset containing approximately 1.5M records identified in breach intelligence sources.
- The data is indexed and searchable across breach notification platforms.
Recommended Actions
⚠️ Do not assume this is low sensitivity.
Non-clients may request a breach impact review.
Frequently Asked Questions
In May 2023, Sutter Health experienced a data breach that exposed approximately 1.5M records containing personal information.
The exposed data includes fields such as account balance, email address, full name, medical diagnosis, phone number.
Approximately 1.5M records were affected based on current breach intelligence.
Protect Yourself
Check If You’re Affected
Enter your email to check if your data appears in this breach.
Get Free Breach Alerts
Be the first to know when new breaches are disclosed.
High-Risk? Get an Exposure Audit
Full-spectrum exposure audits for executives and public figures.
ObscureIQ Advisory
We combine proprietary dark web access with commercial and restricted breach intelligence to verify exposure and assess real-world risk.
- A public-facing individual
- A high-profile executive
- A customer of Sutter Health
- Or concerned about credential reuse
Powered by the ObscureIQ Breach Intelligence Database
© 2026 ObscureIQ · All Rights Reserved · Data Licensing
Latest from ObscureIQ
What Is Credit Monitoring? And Do I Want It? (Answer: Not Really)
Lock Down Browsers. Wipe Employee Footprints. Win Breach Wars.
Sextortion Spam