Saint Alphonsus, which is part of Livonia, Mich.-based Trinity Health, discovered unusual activity related to an employee email account in January. The incident led to a patient data breach, which Saint Alphonsus communicated to affected individuals via mailed notification letters.
“Unfortunately, when the letters were generated, a mail merge issue created an incorrect status for some patients, addressing them as deceased or a minor,” the health system said in a statement, according to the report.
Saint Alphonsus said the mail merge issue did not occur at its health system, and all the affected patients’ statuses are properly identified in its EHR system.
“We deeply apologize for the confusion and frustration which this incident has caused. We greatly value the trust of our patients and community members as an important commitment we make to the communities we serve,” the health system said. “We take the privacy and security of our patient information very seriously.”
More articles on cybersecurity:
HHS extends comment period for proposed HIPAA changes
How healthcare organizations can prepare for a data breach: 7 tips
Ransomware attack exposed info of 210K MultiCare patients, providers, workers