Patients of Rochester Regional Health recently began receiving mailed notices of a data breach that only led to more confusion, as the letters themselves appeared on first glance to be a scam.

What caused the skepticism? Firstly, the letters were sent out by a third-party vendor rather than the hospital itself. Furthermore, the letter misidentified the facility a “Rochester Regional Medical Center” rather than Rochester Regional Health, its actual name. 

The hospital confirmed the legitimacy of the note, according to local reporting. However, many individuals receiving these letters believed them to be scams and discarded them. 

The letters were sent by third-party vendor Xsolis, a previously used partner providing case and utilization management services. According to the letter, the vendor was breached and became aware of unauthorized activity impacting the healthcare facility. 

Rochester Regional Health faced previous breaches in 2020 and 2023.