Munson Healthcare Hit by Major Data Breach Linked to Oracle Health EHR Vulnerability

Munson Healthcare, a Michigan-based healthcare provider, disclosed a major data breach following the exploitation of a vulnerability in the Oracle Health electronic health record (EHR) software used in its daily operations.

 

In a data security incident notice posted on its website, Munson Healthcare said that Oracle Health notified the organisation of a breach in which threat actors gained unauthorised access to legacy Cerner systems on January 22 and stole confidential data belonging to the healthcare provider.

 

Upon identifying, Munson Healthcare immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

The investigation determined that the sensitive personal data including patient’s names, Social Security numbers, medical record numbers, doctors, diagnoses, medicines, test results, images, care and treatment details were compromised during the incident. 

 

In a statement shared with local media, Chief Legal Officer Rachel Roe said the healthcare center determined that at least 100,181 patients were impacted and has issued breach notifications to those individuals.

 

“We began investigating the incident as soon as we learned of it. Cerner, our vendor, took steps to secure the system, and engaged with law enforcement and cybersecurity specialists to ensure our patients’ safety and security,” Munson Healthcare said.

 

Munson Healthcare has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general. 

 

It has also offered two years of complimentary identity protection and credit monitoring services through Experian IdentityWorksSM to all affected individuals.

 

Oracle Health, formerly known as Cerner, is a US-based multinational healthcare software provider specialiSing in health information technology platforms and services, including Electronic Health Records (EHR) and business operations systems for hospitals and healthcare organisations.

 

Last year, Oracle Health experienced a significant data breach involving legacy Cerner data migration servers that had not yet been migrated to Oracle Cloud. The breach was discovered around February 20, 2025, but the unauthorised access occurred approximately from January 22, 2025. Attackers used compromised customer credentials to access and copy sensitive patient data, potentially including electronic health records, to a remote server.