Key Takeaways
- Over 100,000 Munson Healthcare patients are being notified of a data breach that occurred in 2025
- The breach involved unauthorized access to patient data, including names, Social Security numbers, and medical records
- Michigan Attorney General Dana Nessel is renewing her call for a law requiring companies to immediately report data breaches
- Consumers are being offered free credit monitoring for 24 months and can take steps to protect themselves, including watching out for phishing emails and strengthening passwords
- The Michigan Identity Theft Support System is available to help residents restore their stolen identities
Introduction to the Data Breach
The recent data breach at Munson Healthcare has affected over 100,000 patients, prompting the Michigan Attorney General to renew her call for a law requiring companies to immediately report cyber attacks. The breach, which occurred through a third-party electronic health record vendor, Cerner, resulted in the unauthorized access to patient data, including names, Social Security numbers, and medical records. The incident is a stark reminder of the importance of protecting sensitive information and the need for companies to be transparent about data breaches.
The Breach and Its Consequences
The data breach at Munson Healthcare occurred at least as early as January 22, 2025, and involved the unauthorized access to patient data through Cerner, a third-party electronic health record vendor. The breach compromised personal data, including patient names, Social Security numbers, and information included within patient medical records, such as medical record numbers, doctors, diagnoses, medicines, test results, images, care, and treatment. As a result, Munson Healthcare is notifying impacted patients by mail and offering free credit monitoring for 24 months through Experian. Consumers can call 833-931-5700 for additional information.
The Need for Immediate Reporting of Data Breaches
The Michigan Attorney General, Dana Nessel, is renewing her call for Michigan to pass a law requiring companies to immediately report data breaches to her office. This would allow the AG’s office to quickly alert the public and provide consumers with the necessary information to protect themselves. Senate Bills 360-364, which aim to enhance protections against data breaches and identity theft, passed the Michigan Senate last year and await consideration before the Michigan House. Nessel urges anyone who receives a notice that their personal information may have been compromised to consider taking advantage of the free credit monitoring resources being offered.
Protecting Yourself During a Data Breach
Consumers can take several steps to protect themselves during a data breach. These include watching out for phishing emails, strengthening or changing passwords, not retaining unnecessary data or files, using multifactor authentication on devices and accounts, and reviewing their credit report often. Consumers can also take advantage of free weekly credit reports from each of the three main credit reporting agencies (Equifax, Experian, and TransUnion) by contacting the Annual Credit Report website. Additionally, the Michigan Identity Theft Support System is available to help residents seeking to restore their stolen identities.
Conclusion and Next Steps
The data breach at Munson Healthcare is a reminder of the importance of protecting sensitive information and the need for companies to be transparent about data breaches. Consumers who have been affected by the breach should take advantage of the free credit monitoring resources being offered and take steps to protect themselves. The Michigan Attorney General’s call for a law requiring companies to immediately report data breaches is a step in the right direction, and it is essential that consumers and lawmakers work together to prevent such incidents in the future. By being proactive and taking the necessary precautions, consumers can minimize the risk of identity theft and protect their personal information.
