Northern Michigan health system Munson Healthcare has notified approximately 120,000 patients that their data may have been compromised in a breach involving one of the hospital’s third-party vendors. The incident is part of a growing pattern of healthcare data breaches caused not by attacks on hospitals directly, but by breaches at the technology vendors and service providers they rely on.
Learn what to do if you receive a healthcare data breach notice on OpenClassActions.com.
What Happened
Munson Healthcare, which operates hospitals and clinics across northern Michigan, disclosed that a data breach at one of its third-party vendors resulted in the potential exposure of patient information. The compromised data may include names, dates of birth, medical record numbers, treatment information, and insurance details.
This breach follows a broader trend in healthcare where third-party vendors have become the weak link in data security. Hospitals may invest heavily in their own cybersecurity, but if the vendors they share data with are breached, patients are still exposed. In the Traverse City, Michigan area, Munson is one of several organizations recently affected by vendor-related breaches, along with insurance brokerage Hagerty.
Who Is Affected
Approximately 120,000 Munson Healthcare patients are potentially affected. Patients who received care at any Munson Healthcare facility — including Munson Medical Center in Traverse City, Paul Oliver Memorial Hospital, and Kalkaska Memorial Health Center — should watch their mail for breach notification letters.
What You Should Do
If you are a Munson Healthcare patient and receive a breach notification, review your insurance statements for any unfamiliar claims. Healthcare breaches can lead to medical identity theft, where someone uses your information to obtain medical treatment or prescription drugs. This can create dangerous errors in your medical record. Contact Munson’s patient services if you notice any discrepancies in your records.
This article is for informational purposes only and does not constitute legal advice. Written by Steve Levine for OpenClassActions.org.