For the second time this year healthcare provider Michigan Medicine is notifying patients that some of their personally identifiable information may have been exposed, this time due to a mailing error.

Michigan Medicine, which is part of the University of Michigan, said in a statement that in September a third-party printing vendor sent 3,700 patients a fundraising campaign letter where the name and address on the envelope did not match the information contained in the letter. This meant the recipient was able to see the name, contact information and in some cases email addresses of the letter’s intended recipient.

Michigan Medical vendor sends letters with limited PII to the wrong people.
DHS investigates possible vulnerabilities in medical devices, Reuters reports

No Security Numbers, credit or debit card or bank account numbers were exposed and the letters contained no medical information.

“To further prevent potential errors, the Development Office will begin using window envelopes to eliminate the need to match letters to envelopes,” Michigan Medicine stated, adding, “As a precautionary measure, affected patients have been advised to monitor their medical insurance statements for any potential evidence of fraudulent transactions using their information. However, the risk of this occurring is low because the information involved did not include account or social security numbers.”

In June 870 patients received notices that their information was contained on an employee’s laptop that was stole.