Couple of questions.
1) What do you mean "I hosted"? Do you own the server the websites reside on, or did you setup the client with their own host and they pay that organization and do not directly pay you?
2) Did you retain any ownership in the sites you produced? Such as the code?
If you answered "yes" to either you are physically hosting the site and/or the business pays you for hosting, or you retained rights to the code or any portion of the sites that are non-compliant, they you could be held liable if the business owner were breached and took you to court.
The business owner would have to prove your liability though through the court, which will be costly for them, so if they are a small business, the likely won't pursue such a cost, but they "could".
Typically as a future reference, it is probably better to get these answers before contacting your clients who are "at risk", simply because you may want to have worded your e-mail/letter differently or approached the problem in a different manner.
For example, your recent letter/e-mail now shows you know that you didn't abide by the PCI compliance, which will help their case in court. Granted at the time you developed it, you didn't realize it (that is a valid argument, but your letter doesn't really help you in this situation).
I'd draft a new letter, one that states something along the following.
Hi Customer (put their name here instead of Customer),
It has come to my attention that the work I provided for you previously might not be entirely PCI compliant. As you know, the government can impose fines for breaches that occur on websites that are not PCI compliant. I would like to get in touch with you to help resolve this issue in a timely manner.
Please respond by XX/XX/XXXX (put a date here) so that we can work towards an agreement to upgrade your website.
Failure to respond by the date specified above acknowledges that you do not wish to pursue PCI compiance status and removes <insert your company name here> from any liability.
<your company name>
<sign it and date it>
Keep track of when you sent each letter to each client and if they responded (this will help if you do end up in court, due to a breach).