Munson Healthcare has informed patients that their personal and medical information may have been compromised in a data security incident linked to the electronic health record vendor, Cerner. The breach reportedly involved unauthorized access to data stored on Cerner’s legacy systems, with the incident potentially beginning as early as January 22, 2025.
According to Munson Healthcare, Cerner’s investigation revealed that the unauthorized access may have affected sensitive information, including patient names, Social Security numbers, and details from medical records such as diagnoses, medications, and test results. The organization stated that Cerner delayed notifying affected patients at the request of law enforcement, which advised that early notification could impede ongoing investigations.
To address the situation, Munson Healthcare has been in close coordination with Cerner following the discovery of the breach. Cerner has since secured the affected systems, launched its incident response process, and engaged external cybersecurity specialists, along with federal law enforcement, to assess the situation thoroughly.
Identity Protection Services Offered
In an effort to protect those potentially affected, Cerner is providing two years of complimentary identity protection services through Experian. These services include identity theft protection, three-bureau credit monitoring, and internet surveillance monitoring. Munson Healthcare has sent notification letters to individuals believed to be impacted, which include an engagement number and instructions for enrolling in these services.
Patients who think they may have been affected but have not received a notification letter are encouraged to reach out by calling 833-931-5700.
“The recent incident has raised concerns for some Munson Healthcare patients regarding unauthorized access to data maintained by Cerner,” stated Rachel Roe, Chief Legal Officer of Munson Healthcare. “Cerner took appropriate steps to secure its systems and collaborated with law enforcement and cybersecurity experts to ensure the safety and security of our patients.”
Roe expressed the organization’s commitment to safeguarding patient information and emphasized the importance of the identity protection services being offered. “We apologize for any inconvenience this situation may cause and want our patients to know we are diligently working with our vendors to enhance data security in the future,” she added.
Patients with questions or those wishing to enroll in the monitoring services can contact the toll-free number, available Monday through Friday from 8 a.m. to 8 p.m. Central time, excluding major U.S. holidays. Callers will need to provide the engagement number B158037. Additional information about the incident can also be found on Munson Healthcare’s website, reflecting the organization’s commitment to transparency during this challenging situation.