Munson Healthcare has informed patients that their personal and medical information may have been compromised due to a data security incident involving the electronic health record vendor, Cerner. The breach occurred when unauthorized access was gained to data stored on Cerner’s legacy systems, with the vendor reporting that this access could have begun as early as January 22, 2025.
The healthcare system’s announcement detailed that Cerner’s decision to delay notification to affected patients and hospital customers was made at the request of law enforcement. Authorities advised that premature notifications might have hindered the ongoing investigation into the breach. According to Munson Healthcare, the data potentially exposed includes patient names, Social Security numbers, and various medical record details such as diagnoses, medications, and treatment information.
Response and Support for Affected Patients
In response to the breach, Munson Healthcare has been closely coordinating with Cerner. The vendor has taken steps to secure the compromised systems and has initiated its incident response process. Additionally, Cerner has engaged external cybersecurity experts and federal law enforcement to address the situation effectively.
To mitigate the impact on those affected, Cerner is providing two years of complimentary identity protection services through Experian. These services encompass identity theft protection, credit monitoring across three credit bureaus, and internet surveillance monitoring. Munson Healthcare has dispatched notification letters to individuals believed to have been impacted, outlining how to enroll in the protective services.
For patients who suspect they may be affected but have not received a letter, Munson encourages them to contact a dedicated helpline at 833-931-5700.
Commitment to Patient Safety
Rachel Roe, Chief Legal Officer at Munson Healthcare, emphasized the organization’s dedication to safeguarding patient information. She stated, “Cerner, our vendor, took steps to secure the system and engaged with law enforcement and cybersecurity specialists to ensure our patients’ safety and security.”
Roe further expressed regret for any inconvenience caused by the incident and reassured patients that Munson is taking all necessary measures to enhance data security in the future.
Patients with inquiries or those wishing to enroll in the identity monitoring services can call the helpline from 8 a.m. to 8 p.m. Central time, Monday through Friday, excluding major U.S. holidays. Callers will need to provide the engagement number B158037 to access the services. More information regarding the incident is also available on Munson Healthcare’s official website.
This incident highlights the ongoing challenges healthcare organizations face regarding data security and the importance of prompt and transparent communication with patients during such events.
