How do you make a data breach even worse? You notify the victims that they are dead.

The headline says it all:

Some Treasure Valley residents receiving letters from Saint Alphonsus saying they are dead

The situation started routinely enough — an employee’s email account was compromised. In this case, the access was used to send out spam.

Somehow, however, in the process of sending breach notifications, there was a mail merge error. As Saint Alphonsus explained:

We have learned that some of our patients have received a letter notifying them of an email security event and unfortunately, when the letters were generated, a mail merge issue created an incorrect status for some patients, addressing them as deceased or a minor.

So first an employee’s email account gets compromised and then their vendor has a screw-up. It was not a great month for the hospital, it seems.

'Trickery and f...ery': Agency under fire over senior manager's 'serious' privacy breach
Little Rock Psychologist Indicted by Federal Grand Jury for Defrauding Medicare and Arkansas Blue Cross Blue Shield
Software companies must be held liable for British economic security, say MPs
UK privacy regulator has seen ‘collapse in enforcement activity,’ rights coalition says
SEC Voluntarily Dismisses SolarWinds Litigation
A Swath of Bank Customer Data Was Hacked. The F.B.I. Is Investigating.

Related: