Munson Healthcare is providing notice pertaining to a recent incident experienced by a third-party electronic health record (EHR) vendor, Cerner. Because the vendor provides services to Munson, personal information may have been involved in this incident.
Munson learned that an unauthorized third party gained access to and obtained data that was maintained by the vendor. The vendor has determined through an investigation that, at least as early as January 22, 2025, an unauthorized third party gained access to personal health information on legacy Cerner systems. The vendor later informed Munson that law enforcement investigators directed a delay in notifying patients, as well as hospital customers, about this incident because it could have impeded their investigation.
The impacted data may have included names, Social Security numbers, and information included within patient medical records, such as medical record numbers, doctors, diagnoses, medicines, test results, images, care and treatment.
Munson is coordinating closely with the vendor. As soon as the vendor learned of the incident, the vendor initiated its critical incident response process and took steps to secure the impacted systems. The vendor also began an investigation and engaged external cybersecurity specialists to help. The vendor also engaged with federal law enforcement.
The Role of Positive Distraction in Pediatric Design
Healthcare Waste is Fueling America's Debt
Prairie Lakes Healthcare System to Rebrand Following Sanford Health Merger
How Digital Technologies Are Reshaping Performance in Healthcare Facilities
The Role of Plumbing in Healthcare-Associated Infections