Munson Healthcare is providing notice pertaining to a recent incident experienced by a third-party electronic health record (EHR) vendor, Cerner. Because the vendor provides services to Munson, personal information may have been involved in this incident.
Munson learned that an unauthorized third party gained access to and obtained data that was maintained by the vendor. The vendor has determined through an investigation that, at least as early as January 22, 2025, an unauthorized third party gained access to personal health information on legacy Cerner systems. The vendor later informed Munson that law enforcement investigators directed a delay in notifying patients, as well as hospital customers, about this incident because it could have impeded their investigation.
The impacted data may have included names, Social Security numbers, and information included within patient medical records, such as medical record numbers, doctors, diagnoses, medicines, test results, images, care and treatment.
Munson is coordinating closely with the vendor. As soon as the vendor learned of the incident, the vendor initiated its critical incident response process and took steps to secure the impacted systems. The vendor also began an investigation and engaged external cybersecurity specialists to help. The vendor also engaged with federal law enforcement.
From Downtime to Data: Rethinking Restroom Reliability in Healthcare
LeChase Building Four-Story Addition to UHS Delaware Valley Hospital
AdventHealth Sebring Breaks Ground on Expansion Project
Regulations Take the Lead in Healthcare Restroom Design
AHN Allegheny Valley Hospital Opens Expanded Inpatient Rehabilitation Unit