Munson Healthcare is providing notice pertaining to a recent incident experienced by a third-party electronic health record (EHR) vendor, Cerner. Because the vendor provides services to Munson, personal information may have been involved in this incident.
Munson learned that an unauthorized third party gained access to and obtained data that was maintained by the vendor. The vendor has determined through an investigation that, at least as early as January 22, 2025, an unauthorized third party gained access to personal health information on legacy Cerner systems. The vendor later informed Munson that law enforcement investigators directed a delay in notifying patients, as well as hospital customers, about this incident because it could have impeded their investigation.
The impacted data may have included names, Social Security numbers, and information included within patient medical records, such as medical record numbers, doctors, diagnoses, medicines, test results, images, care and treatment.
Munson is coordinating closely with the vendor. As soon as the vendor learned of the incident, the vendor initiated its critical incident response process and took steps to secure the impacted systems. The vendor also began an investigation and engaged external cybersecurity specialists to help. The vendor also engaged with federal law enforcement.
Design Standards as Strategic Assets
Rising Violence is Exposing Gaps in Hospital Security
Murray County Medical Center Reports Data Security Incident
Probiotic Cleaning: A Complementary Strategy for Safer Hospital Floors
VITAS Healthcare Breaks Ground on New Inpatient Hospice Center in Florida