Sutter Health A.I CyberSecurity Scoring
Sutter Health
Company Information
Website:http://www.sutterhealth.org
Employees number:25,099
Number of followers:214,387
NAICS:62
Industry Type:Hospitals and Health Care
Homepage:sutterhealth.org
Sutter Health Risk Score (AI oriented)
Between 600 and 649
Sutter HealthHospitals and Health Care
Updated:
23/06/2026
23/06/2026
614/1000
Poor
Caa
Sutter Health Global Score (TPRM)
xxxx
Sutter HealthHospitals and Health Care
Score locked

Sutter HealthPoor
Current Score
614Caa (POOR)
01000
6 incidents
0 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
616
JUNE 2026
613
MAY 2026
608
APRIL 2026
608
MARCH 2026
605
FEBRUARY 2026
601
JANUARY 2026
598
DECEMBER 2025
592
NOVEMBER 2025
590
OCTOBER 2025
586
SEPTEMBER 2025
582
AUGUST 2025
579
JUNE 2025
616
Breach
10 Jun 2025 • Sutter Health
Sutter Health, Lemonaid Health, & Redeemer Health Settle Pixel Data Breach Lawsuits
Sutter Health, Lemonaid Health, & Redeemer Health Settle Pixel Data Breach Lawsuits
568
CRITICAL-48
SUT1765814693
Sutter Health, Lemonaid Health, and Redeemer Health Settle Pixel Data Breach Lawsuits
Three healthcare providers—Sutter Health, Lemonaid Health, and Redeemer Health—have reached settlements in class action lawsuits alleging unauthorized disclosures of patient data via website tracking technologies, including pixels, cookies, and web beacons. These tools, commonly used for analytics and marketing, were accused of transmitting protected health information (PHI) to third parties like Meta and Google without proper consent or compliance with HIPAA regulations.
Sutter Health
The California-based nonprofit health system faced consolidated lawsuits (Jane Doe I and Jane Doe II v. Sutter Health) over claims that its website and patient portal shared PHI with third parties. The case proceeded on allegations of violating the California Invasion of Privacy Act (CIPA) and breaching express and implied contracts. A $21.5 million settlement was approved, with no admission of wrongdoing. Class members—California residents who accessed Sutter’s MyHealthOnline portal between June 10, 2020, and March 20, 2020—may receive up to $90 each. Remaining funds will go to privacy-focused nonprofits. The final fairness hearing is set for February 27, 2026, with a claim deadline of January 28, 2026.
Lemonaid Health
The telemedicine provider, owned by 23andMe, settled a lawsuit (A.J. v. Lemonaid Health) alleging its website shared PHI with Meta and Google via tracking pixels. The case was transferred to bankruptcy court after the defendants filed for Chapter 11. A $3.25 million settlement fund was established, with approximately 35,000 class members eligible for one-time payments. The final fairness hearing is scheduled for January 20, 2026, with objections due by January 5, 2026, and claims by February 23, 2026.
Redeemer Health
The Pennsylvania-based Catholic healthcare provider settled consolidated lawsuits (Doe v. Redeemer Health) over allegations that its websites and patient portals transmitted PHI to third parties without consent. The settlement offers class members a $25 cash payment and a year of dark web monitoring via CyEx Privacy Shield Pro. The final approval hearing is set for February 9, 2026, with claims due by January 9, 2026.
All three cases highlight the risks of tracking technologies in healthcare, where PHI exposure can lead to legal and regulatory scrutiny. The settlements reflect ongoing concerns over compliance with HIPAA and state privacy laws.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
SEPTEMBER 2024
670
Breach
31 Aug 2024 • Sutter Health
Sutter Health and SSM Health: Two Scattered Spider hackers plead guilty over Transport for London cyberattack
Scattered Spider Hackers Plead Guilty in £29M TfL Cyberattack
583
CRITICAL-87
SUTCAM1782210474
Scattered Spider Hackers Plead Guilty in £29M TfL Cyberattack
Two members of the cybercriminal group Scattered Spider Thalha Jubair (20, London) and Owen Flowers (18, Walsall) have pleaded guilty to charges under the UK’s Computer Misuse Act for their roles in a 2024 cyberattack on Transport for London (TfL). The breach, which occurred between 31 August and 3 September 2024, resulted in £29 million in losses and recovery costs, disrupted critical services, and forced TfL to reset passwords for all 28,000 employees in person.
The attack targeted TfL’s Oyster refunds system, delaying customer reimbursements and shutting down the application portal for Oyster photocards used by children and young people. The National Crime Agency (NCA) confirmed that the hackers accessed sensitive data, causing prolonged inconvenience for millions of daily commuters.
Investigators linked Flowers to additional intrusions, including breaches of U.S. healthcare providers SSM Health and Sutter Health. Seized devices including laptops, hard drives, and USB storage contained screenshots of TfL infrastructure access and videos of Jubair navigating TfL systems, with the pair communicating via Telegram and an online collaboration platform.
Flowers was first arrested on 6 September 2024 and later breached bail conditions twice in 2025. Both suspects were apprehended at their homes on 16 September 2025 by the NCA and City of London Police.
Deputy Director Paul Foster of the NCA’s National Cyber Crime Unit emphasized the real-world impact of the attack, stating it inflicted financial harm on critical national infrastructure and disrupted public services. Deputy Commissioner Nik Adams of the City of London Police warned that such attacks would face serious consequences.
Sentencing for Jubair and Flowers is scheduled for 16 July.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
NOVEMBER 2023
714
Breach
01 Nov 2023 • Sutter Health
Sutter Health
Welltok Data Breach
643
CRITICAL-71
SUT44271123
The U.S. healthcare services business Welltok revealed a data breach that affected around 8.5 million patients.
The business was one among the targets of a widespread hacking campaign that took advantage of a zero-day vulnerability in the MOVEit Transfer programme.
The exposed information includes patient information, including phone numbers, physical addresses, email addresses, and full names. Threat actors also obtained specific health insurance details, Medicare/Medicaid ID numbers, and Social Security numbers (SSNs) for some of the affected individuals.
The following organisations, on behalf of which Welltok is delivering notice to affected individuals, are Asuris Northwest Health, BridgeSpan Health, Blue Cross and Blue Shield of Minnesota, Blue Cross and Blue Shield of Alabama, Blue Cross and Blue Shield of Kansas, Blue Cross and Blue Shield of North Carolina, Corewell Health, Faith Regional Health Services, Mass General, Brigham Health Plan, Priority Health, Regence BlueCross BlueShield of Oregon, Regence BlueShield, Regence BlueCross BlueShield of Utah, Regence Blue Shield of Idaho, St. Bernards Healthcare, and Sutter Health.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
MAY 2023
756
Breach
30 May 2023 • Sutter Health
Sutter Health
Sutter Health MOVEit Transfer Data Breach
706
CRITICAL-50
SUT004091825
The California Office of the Attorney General disclosed a data breach affecting Sutter Health, a major healthcare provider, on November 3, 2023. The incident originated on May 30, 2023, when an unidentified threat actor exploited a vulnerability in the MOVEit Transfer server, a third-party file transfer tool used by the organization. The attacker successfully exfiltrated sensitive personal data, including patient names and other personally identifiable information (PII). While the breach exposed confidential records, no evidence of misuse or further malicious activity (e.g., financial fraud, identity theft, or ransom demands) has been reported as of the disclosure.The breach highlights vulnerabilities in third-party software supply chains, which cybercriminals increasingly target to access high-value data. Sutter Health, which operates a network of hospitals and medical facilities, likely faced operational and reputational risks due to the exposure of patient data, though the immediate financial or systemic impact appears contained. The incident aligns with broader trends in healthcare cyberattacks, where protected health information (PHI) remains a prime target for exploitation in underground markets or follow-on attacks. Regulatory scrutiny and potential compliance penalties (e.g., under HIPAA) may follow, given the sensitive nature of the compromised data.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
JUNE 2018
742
Breach
01 Jun 2018 • Sutter Health
Sutter Health
Sutter Health Employee Data Breach
693
CRITICAL-49
SUT03315722
A Sutter Health employees were fired for accessing medical information without permission.
However, they declined to state how many employees were fired and whose medical records they allegedly looked up.
Their privacy auditing and monitoring technology have detected inappropriate access, and the individuals involved are no longer employed by Sutter Health.
They are notifying the person, or persons, whose data was accessed.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
OCTOBER 2017
791
Breach
11 Oct 2017 • Sutter Health
Sutter Health
Sutter Health Data Breach
735
HIGH-56
SUT151080425
On February 7, 2018, the California Office of the Attorney General reported a data breach involving Sutter Health that occurred on October 11-12, 2017. The breach was the result of a phishing attack on a vendor, Salem and Green, allowing unauthorized access to personal information, including names, Social Security numbers, and California driver’s license numbers, for individuals affiliated with Sutter Health.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for Sutter Health ??
What was Sutter Health's A.I Rankiteo Cyber Score in June 2026 ??
What was Sutter Health's A.I Rankiteo Cyber Score in May 2026 ??
What was Sutter Health's A.I Rankiteo Cyber Score in April 2026 ??
What was Sutter Health's A.I Rankiteo Cyber Score in March 2026 ??
What was Sutter Health's A.I Rankiteo Cyber Score in February 2026 ??
What was Sutter Health's A.I Rankiteo Cyber Score in January 2026 ??
What was Sutter Health's A.I Rankiteo Cyber Score in December 2025 ??
What was Sutter Health's A.I Rankiteo Cyber Score in November 2025 ??
What was Sutter Health's A.I Rankiteo Cyber Score in October 2025 ??
What was Sutter Health's A.I Rankiteo Cyber Score in September 2025 ??
What was Sutter Health's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on Sutter Health's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with Sutter Health ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view Sutter Health's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?