Munson Healthcare Confirms Cerner Data Breach Affecting Grand Traverse Patients

Munson Healthcare confirmed that an unauthorized third party accessed personal health information stored on legacy Cerner systems used by the hospital system, a breach that potentially affects patients served in Grand Traverse County. The vendor Cerner determined that the access occurred at least as early as Jan. 22, 2025, and Munson says it began investigating as soon as it learned of the incident.

Munson Healthcare said the data accessed may have included patient names, Social Security numbers and information contained in medical records such as medical record numbers, attending doctors, diagnoses, medications, test results, images and details of care and treatment. Cerner took steps to secure the affected systems and engaged law enforcement and cybersecurity specialists as part of the response.

To help protect patient identities, Munson Healthcare and Cerner are offering two complimentary services. Patients may enroll in Experian IdentityWorksSM Credit Plus 3B for credit monitoring for 24 months; that service requires enrollment to take effect. Munson Healthcare also said patients have access to Identity Restoration for 24 months, a service that does not require any action at this time. The hospital system provided a toll-free number for people with questions or concerns and said it is working with vendors to strengthen data protections going forward.

For Traverse City and Grand Traverse County residents, the breach carries potential financial and medical consequences. Social Security numbers combined with medical and billing information raise the risk of both identity theft and medical identity fraud, which can lead to unexpected bills, incorrect entries in medical records and delays in care. Patients who receive care at Munson Medical Center or affiliated clinics should review their medical statements, Explanation of Benefits from insurers and bank and credit-card accounts for unfamiliar activity.

Practical steps for affected patients include enrolling in the offered Experian monitoring if they receive an enrollment notice, keeping records of any suspicious medical bills, and watching insurer and provider portals for unauthorized changes. Identity Restoration coverage for 24 months is available without action, but proactive enrollment in credit monitoring will provide alerts on new credit inquiries and accounts. Munson Healthcare is the point of contact for questions and next steps and is coordinating with Cerner and external cybersecurity teams.

This breach underscores the vulnerability of legacy health-record systems and the local stakes for Grand Traverse County patients. Expect Munson Healthcare to provide additional updates as its review continues; meanwhile, enroll in protections, monitor accounts, and contact the hospital if you suspect your information was compromised.