Michigan

About 100K Munson Healthcare patients may be affected by data breach

Published

3 weeks ago

January 25, 2026

MM Team

Affected knowledge might embody the affected person’s identify, social safety quantity, and medical report info.
The info breach may date again to January 2025.
Munson Healthcare did not be taught of the breach till August 2025 and did not obtain affected person names till October 2025, its chief authorized officer says.

About 100,000 Munson Healthcare sufferers, the overwhelming majority in Michigan, may very well be affected by a knowledge breach. The well being care system despatched letters concerning the challenge this month and provided free companies for 2 years to guard sufferers’ identities.

Munson Healthcare relies in Traverse Metropolis and serves individuals in 29 counties in northern Michigan, a trip vacation spot, so some sufferers in different states is also affected by the breach, Rachel Roe, the well being system’s chief authorized officer, advised the Free Press on Friday, Jan. 23.

An unauthorized third celebration has accessed knowledge maintained by an digital well being data vendor, Cerner. The info might embody a affected person’s identify, social safety quantity, and data in sufferers’ medical data, comparable to medical report numbers, physicians, diagnoses, medicines, check outcomes, care and therapy, the health care system says on its website.

Cerner decided that the unauthorized third celebration had accessed private well being info on legacy Cerner techniques utilized by Munson Healthcare as early as January 22, 2025. Roe stated Munson Healthcare realized concerning the breach from Cerner in August 2025 and relied on Cerner to supply affected person names.

She stated the well being care system didn’t obtain the names of sufferers linked to the breach till October 2025. When it acquired the names, she stated, they weren’t full knowledge units and the well being system didn’t have full addresses from Cerner.

Roe stated the well being care system needed to undergo a handbook technique of trying up particular person addresses and writing pc code to tug knowledge from Munson Healthcare’s databases so letters may very well be despatched to sufferers. She stated letters had been despatched this month.

Roe stated the well being care system acquired a proof as to why it was not notified of the breach till August 2025. She stated Cerner, which realized of the breach in January 2025, stated it instantly took steps and notified legislation enforcement, and that legislation enforcement advised Cerner to delay notifying clients so it may examine. Roe didn’t know which legislation enforcement company was investigating or whether or not costs had been filed.

Oracle acquired Cerner in 2022 to kind Oracle Well being, according to Oracle’s website. In keeping with one Becker’s Hospital Review article January 5In 2025, dozens of hospitals had affected person knowledge compromised by a breach of Oracle Well being’s older Cerner techniques.

Roe inspired affected sufferers to name the quantity listed within the letter they acquired and join, utilizing the code offered, to activate id safety protection, including, “It is extremely vital that they take the motion within the letter they acquired.” She apologized to sufferers for the inconvenience and stated retaining affected person knowledge protected “is a prime precedence for Munson.”

Roe stated the well being care system has been a Cerner buyer for 20 years, and this was the primary incident like this that has occurred. She stated the well being system will reevaluate suppliers and conduct assessments to satisfy knowledge safety requirements.

Michigan Lawyer Common Dana Nessel, reissued January 23 a Consumer warning about data breaches in gentle of this infringement. Michigan Senate payments aimed toward enhancing protections in opposition to knowledge breaches and id theft handed the Senate final 12 months and are awaiting consideration by the Michigan Home of Representatives, in accordance with a information launch from Nessel’s workplace.

“As a result of Michigan legislation doesn’t at present require corporations to instantly notify my workplace when a knowledge breach happens, we regularly do not know who was affected or when till lengthy after a regarding cyber incident,” she stated. “These delays put customers at higher threat for id theft, and our state wants stronger legal guidelines to higher defend Michiganders from unhealthy actors. I urge anybody who receives a notification that their private info might have been compromised to contemplate benefiting from the free credit score monitoring assets provided.”

Nessel stated customers can defend themselves from a knowledge breach by anticipating phishing emails; strengthen or change passwords; not hold pointless knowledge or recordsdata; utilizing multi-factor authentication on gadgets and accounts, and repeatedly reviewing their credit score report.

They’ll additionally freeze their credit score, which her launch stated is vital when Social Safety numbers are utilized in a knowledge breach.

Nessel stated defending medical info after a knowledge breach is vital.

Warning indicators that somebody is utilizing another person’s info embody: a invoice from their physician for companies they didn’t obtain; errors in explaining advantages for companies they by no means acquired or medicines they do not take; calls from assortment businesses about medical payments they do not owe; medical assortment notices on their credit score report that they do not acknowledge; a discover from their well being insurer stating that they’ve reached their profit restrict and that they don’t have insurance coverage protection resulting from a pre-existing situation that they don’t have.

Nessel additionally reminded residents of the Michigan Identity Theft Support System to assist individuals who wish to recuperate their stolen id.

Contact Christina Corridor: chall@freepress.com. Observe her on X: @challreporter.

Assist native journalism. Subscribe to the Free Press.

Ship a letter to the editor at freep.com/letters.