I received a letter from a company called Welltok and I almost discarded it since I didn't know the company (thought it was spam mail). I glanced at it and noticed the sentence: "Notice of Data Breach".<p>The letter went on to inform me that they're a vendor to Sutter Health and they were impacted by the MOVEit breach. In summary, the letter was to notify me that my personal data, including treatment information and diagnosis, were potentially affected. To say I was surprised was an understatement given that Sutter Health hadn't notified me about this incident. And this incident seemed to have occurred between May and July.<p>I Googled this and found a discussion about this on Reddit [1], and just like me, a lot of people were surprised because Sutter hadn't notified them, the letter they got didn't mention Sutter prominently (even on the envelope), and people initially thought it was spam. Further Googling showed that Sutter posted a notice on their site on Nov 3 [2].<p>I find it extremely surprising that Sutter Health didn't notify patients directly. How would people have seen the notice given that most people go to a Health Provider's website ONLY when they have a medical issue? The notice from Welltok also seems to minimize the potential impacts of the breached data. Welltok is offering free credit monitoring for 12 months. What about personal medical records that have been breached (diagnosis, treatment, date of birth, etc.)? Even the credit monitoring requires a sign-up with a credit card. Why couldn't they have reached a deal with the credit agencies to allow for a signup without a card?<p>Welltok and Sutter Health also don't say how many years of your personal/medical records were affected.<p>1. <a href="https://www.reddit.com/r/bayarea/comments/17q10j6/psa_patient_data_breach_at_sutter_health_palo/" rel="nofollow noreferrer">https://www.reddit.com/r/bayarea/comments/17q10j6/psa_patien...</a><p>2. 
<a href="https://vitals.sutterhealth.org/sutter-health-vendor-reports-patient-information-incident/" rel="nofollow noreferrer">https://vitals.sutterhealth.org/sutter-health-vendor-reports...</a>