Munson Healthcare has informed patients that their personal and medical information may have been compromised in a data security incident linked to the electronic health record vendor Cerner. According to Munson Healthcare, Cerner determined that an unauthorized third party accessed data stored on its legacy systems, with the breach potentially occurring as early as January 22, 2025.
The health system noted that Cerner delayed notifying affected hospitals and patients at the request of law enforcement, which believed that early notification could hinder its investigation. The exposed information may include patient names, Social Security numbers, and sensitive data from medical records, such as medical record numbers, physician details, diagnoses, medications, test results, images, and information related to care and treatment.
Details on Response and Support Services
Since discovering the breach, Munson Healthcare has been in close coordination with Cerner. The vendor has secured the affected systems, initiated its incident response process, and engaged external cybersecurity specialists, in addition to federal law enforcement agencies. In response to the incident, Cerner is offering two years of complimentary identity protection services to affected individuals through Experian. These services encompass identity theft protection, three-bureau credit monitoring, and internet surveillance monitoring.
Munson Healthcare has started sending notification letters to individuals believed to be impacted. Each letter includes an engagement number and detailed instructions on how to enroll in the offered services or obtain further information. Patients who suspect they may have been affected but did not receive a letter are encouraged to call 833-931-5700 for assistance.
“Recently, some Munson Healthcare patients may have received a letter in the mail regarding an unauthorized third party gaining access to and obtaining data that was maintained by one of our electronic health record vendors, Cerner,” stated Rachel Roe, Munson Healthcare’s chief legal officer. “Cerner, our vendor, took steps to secure the system and engaged with law enforcement and cybersecurity specialists to ensure our patients’ safety and security.”
Roe highlighted Munson’s commitment to safeguarding patient information and the provision of complimentary monitoring services to mitigate risks associated with this incident. “We apologize for any inconvenience this causes, and please know we are working with our vendors, taking every step possible in the future to keep your data safe,” she added.
Patients with inquiries or who wish to enroll in the monitoring services can call the aforementioned number, available Monday through Friday from 8 a.m. to 8 p.m. Central Time, excluding major U.S. holidays. Callers will need to provide the engagement number B158037. Additional information about the incident is also accessible on Munson Healthcare’s website.
This data breach serves as a critical reminder of the vulnerabilities that exist within healthcare systems and the importance of robust cybersecurity measures to protect patient information.
