Munson Healthcare has notified patients that their personal and medical information may have been compromised in a data security incident involving the electronic health record vendor, Cerner. The healthcare provider reported that an unauthorized third party gained access to data stored on Cerner’s legacy systems, with potential breaches dating back to January 22, 2025.
The situation unfolded when Cerner initiated an internal investigation and subsequently alerted Munson Healthcare about the unauthorized access. According to Munson, law enforcement advised Cerner to delay notification to affected customers and patients, believing that early communication might hinder ongoing investigations. As a result, patients may have been unaware of the breach for an extended period.
The data potentially accessed includes sensitive information such as patient names, Social Security numbers, and various details contained within medical records, including medical record numbers, physicians, diagnoses, medications, test results, and information related to care and treatment.
Response and Support for Affected Patients
In response to the incident, Munson Healthcare stated that it is working closely with Cerner to manage the situation. Cerner has already taken steps to secure the affected systems and has engaged external cybersecurity specialists, alongside federal law enforcement agencies, to support the investigation.
To mitigate the impact on those affected, Cerner is offering two years of complimentary identity protection services through Experian. These services encompass identity theft protection, credit monitoring from all three major credit bureaus, and internet surveillance monitoring. Munson Healthcare has sent notification letters to individuals believed to be impacted, which include an engagement number and instructions on how to enroll in the offered services or obtain further information.
Patients who may believe they were affected but have not received a letter are encouraged to reach out via the toll-free number 833-931-5700. The service is available Monday through Friday from 8 a.m. to 8 p.m. Central time, excluding major U.S. holidays. Callers will need to provide the engagement number B158037 to facilitate assistance.
Commitment to Patient Security
Rachel Roe, Munson Healthcare’s chief legal officer, addressed the issue, stating, “Recently, some Munson Healthcare patients may have received a letter in the mail regarding an unauthorized third party gaining access to and obtaining data that was maintained by one of our electronic health record vendors, Cerner.” She emphasized that Cerner took prompt action to secure the system and collaborated with law enforcement and cybersecurity specialists to ensure patient safety.
Roe reiterated Munson’s commitment to safeguarding patient information. “We apologize for any inconvenience this causes, and please know we are working with our vendors, taking every step possible in the future to keep your data safe,” she added.
For ongoing updates and additional information regarding this incident, Munson Healthcare encourages individuals to visit their official website. The organization remains focused on transparency and support for those affected during this challenging situation.
