Updated

Health insurer Aetna reportedly exposed the personal data of HIV patients across the U.S. earlier this month when mailings to the patients revealed the information through a large window on the front of the envelope.

The top of the letter sent to patients July 28, according to an image taken of the envelope, shows the patients’ name, address, claim number and options available to them under their health plan to fill their HIV medication prescriptions.

The Legal Action Center (LAC) and the AIDS Law Project of Pennsylvania (ALPP) said in a cease-and-desist letter to Aetna that the insurer mailed the letters to customers taking medications for HIV treatment and to those taking a medication that helps prevent people from getting HIV.

In the legal organizations’ letter to Aetna, the groups demand that the insurer change its mailing practices to “ensure that this gross breach of privacy and confidentiality never reoccurs.”

FROM ANTHEM TO AETNA, MAJOR HEALTH INSURERS ARE LEAVING OBAMACARE MARKETPLACE

LAC and ALPP claim that Aetna patients reported that their family members and neighbors learned of their use of HIV medications because the information was visible to anyone who handled the envelope.

Aetna began notifying customers of the breach in letters this week, and released a statement Thursday, saying the company is reviewing the matter.

“This type of mistake is unacceptable,” the company reportedly said. “We sincerely apologize to those affected by a mailing issue that inadvertently exposed the personal health information of some Aetna members.”

The envelopes with the large window were sent to about 12,000 people last month, Bloomberg News reported.

The patients affected were in Arizona, California, Georgia, Illinois, New Jersey, New York, Ohio, Pennsylvania and Washington, D.C., according to the LAC/ALPP letter.

The Associated Press contributed to this report.