MercyOne statement regarding January 22 Cerner/Oracle security incident
January 28, 2026Des Moines, Iowa; January 28, 2026 – MercyOne is aware of an issue involving some notification letters sent on January 22 regarding the Cerner/Oracle Security Incident.
A vendor‑related data‑matching error resulted in certain letters being addressed to the wrong individual. These letters may also appear unfamiliar because they were mailed directly by our vendor and do not contain our usual branding. Despite this appearance, they were legitimate.
We sincerely apologize for the confusion and concern this has caused.
What individuals need to know:
- The issue involved names and addresses only.
- Social Security numbers, financial information, and other sensitive data were not affected.
- We are working with our vendor to correct the error and resend accurate letters as quickly as possible.
If you or someone received a letter for someone who does not live at your address:
- Please mark it “Return to Sender” and place it back in the mail. If already opened, please destroy the letter.
- We appreciate your patience and understanding. Protecting patient information remains a top priority for Trinity Health/MercyOne.
If you would like more information on the data incident, please see the link to our substitute notice, Cerner Breach Impacting MercyOne Patients.
