Munson Healthcare is providing notice pertaining to a recent incident experienced by a third-party electronic health record (EHR) vendor, Cerner. Because the vendor provides services to Munson, personal information may have been involved in this incident.
Munson learned that an unauthorized third party gained access to and obtained data that was maintained by the vendor. The vendor has determined through an investigation that, at least as early as January 22, 2025, an unauthorized third party gained access to personal health information on legacy Cerner systems. The vendor later informed Munson that law enforcement investigators directed a delay in notifying patients, as well as hospital customers, about this incident because it could have impeded their investigation.
The impacted data may have included names, Social Security numbers, and information included within patient medical records, such as medical record numbers, doctors, diagnoses, medicines, test results, images, care and treatment.
Munson is coordinating closely with the vendor. As soon as the vendor learned of the incident, the vendor initiated its critical incident response process and took steps to secure the impacted systems. The vendor also began an investigation and engaged external cybersecurity specialists to help. The vendor also engaged with federal law enforcement.
Cleanliness in Hospitals: Clinical Priority and Community Perception
Dana-Farber Receives $50M Gift for Planned Cancer Hospital
Clarinda Regional Health Center Reports Data Security Incident
Gaps in Nurses' Environmental Cleaning Knowledge Grow Amid Rising EVS Pressures
Ground Broken on the Southern Nevada Forensic Facility