On July 22, 2023, Cognisight, LLC filed a notice of data breach with the Attorney General of California on behalf of SeniorCare PACE (“Sutter Senior Care”) after confirming that confidential data belonging to Sutter Senior Care patients was exposed as a result of a vulnerability in MOVEit. In this notice, Cognisight explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, dates of birth, Social Security numbers, health information, such as treatment information or diagnosis, provider information, and patient identification numbers. Upon completing its investigation, Cognisight began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.

If you received a data breach notification from Sutter Senior Care or Cognisight, LLC, it is essential you understand what is at risk and what you can do about it. While you may not have heard of Cognisight, the company came into possession of your information because it performs certain management services for Sutter Senior Care. Thus, as a result of the Cognisight data breach, the confidential information of Sutter Senior Care patients was compromised. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft as well as discuss your legal options following the Cognisight data breach. For more information, please see our recent piece on the topic here.

What Caused the Cognisight / Sutter Senior Care Breach?

The Cognisight / Sutter Senior Care data breach was only recently announced, and more information is expected in the near future. However, Cognisight’s filing with the Attorney General of California provides some important information on what led up to the breach. According to this source, on May 31, 2023, Cognisight learned that a file transfer tool used by the company, called MOVEit, contained a critical vulnerability allowing an unauthorized party to access files transferred by the software.

In response, Cognisight stopped all access to MOVEit and launched an investigation. On June 5, 2023, Cognisight confirmed that files were removed from its MOVEit server, including those containing confidential information pertaining to Sutter Senior Care patients. On June 27, 2023, Cognisight notified Sutter Senior Care about the incident.

After learning that sensitive consumer data was accessible to an unauthorized party, Cognisight reviewed the compromised files to determine what information was leaked and which consumers were impacted. Cognisight completed this process on July 12, 2023. While the breached information varies depending on the individual, it may include your name, date of birth, Social Security number, health information such as treatment information or diagnosis, provider information, and patient identification number.

On July 22, 2023, Cognisight sent out data breach letters to anyone who was affected by the recent data security incident. Note while Cognisight sent out the data breach letters, Sutter Senior Care’s logo also appears on the letters.

More Information About Cognisight, LLC and Sutter Senior Care

Cognisight, LLC is a business services company that provides various support services to healthcare providers. Based in Rochester, New York, Cognisight focuses on the provision of risk adjustment services such as analytics, chart reviews, health assessments, RADV support and initial validation audits. Cognisight employs more than 53 people and generates approximately $11 million in annual revenue.

Sutter SeniorCare PACE is a division of Sutter Health, a not-for-profit health system in Northern California. Sutter Health operates a large network of healthcare facilities in more than 100 cities across Northern California. Sutter Health employs approximately 53,000 people and generates roughly $14 billion in annual revenue.