Munson Healthcare has informed patients that their personal and medical information may have been compromised in a data security incident involving its electronic health record vendor, Cerner. The health system reported that an unauthorized third party gained access to data stored on Cerner’s legacy systems. This breach may have occurred as early as January 22, 2025.
According to Munson Healthcare, Cerner initially delayed notifying affected hospital customers and patients at the request of law enforcement. Authorities determined that early notifications could potentially interfere with their investigation into the breach. The data potentially accessed includes patient names, Social Security numbers, and sensitive medical information such as medical record numbers, diagnoses, medications, and test results.
Response and Support Measures
In light of the incident, Munson Healthcare has been closely coordinating with Cerner to mitigate the impact. Cerner has secured the affected systems and initiated an incident response process, engaging external cybersecurity specialists and federal law enforcement. To help protect the individuals impacted, Cerner is offering two years of complimentary identity protection services through Experian. These services encompass identity theft protection, three-bureau credit monitoring, and internet surveillance monitoring.
Munson has sent notification letters to those believed to be affected by the incident. These letters include an engagement number and instructions on how to enroll in the offered services or obtain additional information. Patients who think they may have been impacted but did not receive a letter are encouraged to call 833-931-5700.
Rachel Roe, the chief legal officer of Munson Healthcare, acknowledged the distress caused by the incident. She stated, “Recently, some Munson Healthcare patients may have received a letter in the mail regarding an unauthorized third party gaining access to and obtaining data that was maintained by one of our electronic health record vendors, Cerner.” Roe added that Cerner took immediate steps to secure the system and is working with law enforcement and cybersecurity specialists to ensure the safety and security of patients.
Commitment to Patient Safety
Roe emphasized Munson Healthcare’s commitment to safeguarding patient information and expressed regret for any inconvenience caused. She noted that both Munson and its vendors are offering the complimentary monitoring services to help protect patient identities. “We apologize for any inconvenience this causes, and please know we are working with our vendors, taking every step possible in the future to keep your data safe,” she stated.
Patients who have questions or wish to enroll in the monitoring services can reach out to Munson Healthcare’s dedicated support line, available Monday through Friday from 08:00 to 20:00 Central time, excluding major U.S. holidays. Callers will need to provide the engagement number B158037. Additional information regarding the incident is also available on Munson Healthcare’s website, ensuring that affected individuals have access to the resources they need during this challenging time.
