BOISE, Idaho — Some residents in the Treasure Valley are receiving letters from Saint Alphonsus saying they are dead and their identity information may have been stolen.
Idaho News 6 has received several calls from people who have received the letters.
In January 2021, the health system says it had a cyber-attack and patients' personal information may have been accessed. One person told Idaho News 6 their letter didn't say they were dead, however, the letter did mention Saint Alphonsus learned of unusual activity related to an employee email account.
Saint Alphonsus announced the problem was caused by a "mail merge issue" and apologized for the incident:
We have learned that some of our patients have received a letter notifying them of an email security event and unfortunately, when the letters were generated, a mail merge issue created an incorrect status for some patients, addressing them as deceased or a minor.
The purpose of the original important notification was to inform impacted patients of an email security incident, provide a call center number to call for information, and to advise patients about credit monitoring services which would be available, if desired. The mail merge issue did not occur at Saint Alphonsus and all the impacted patients’ status is properly identified in our electronic medical records system.
We deeply apologize for the confusion and frustration which this incident has caused. We greatly value the trust of our patients and community members as an important commitment we make to the communities we serve. We take the privacy and security of our patient information very seriously.
Our media partner, the Idaho Statesman, reports that as of March 4, Saint Alphonsus said it was not able to determine which emails, if any, were accessed or if any patients' personal information was within the employee's email account.
The letter said the information that may have been accessed within the email account at the time includes patient names, addresses, phone numbers and medical and billing information. Saint Alphonsus is offering one free year of identity monitoring services, including credit monitoring, fraud consultation and identity theft restoration.
Tips from the BBB for consumers after a data breach:
- Find out if you were affected and what information was compromised*.
- Consider putting a credit freeze or fraud alert on your credit reports with the three major credit reporting agencies (BBB.org/creditfreeze).
- If your financial information has been affected: Contact your financial institution(s), monitor statements closely, dispute any fraudulent charges
- Take advantage of free credit/identity monitoring services being offered
- Expect that con artists will take advantage of this data breach and send out phishing emails and other messages that appear to be from St. Alphonsus, a credit bureau or other legitimate companies.
According to the BBB, with this particular data breach, per the letter, the information that was compromised is unknown so it’s best to proceed as if all information was compromised. The BBB recommends understanding cybersecurity needs and the importance of cybersecurity for all businesses, big and small, in order to safeguard customer data and privacy.
