LANSING – In a renewed effort to protect Michigan residents, Attorney General Dana Nessel has issued a consumer alert in response to a data breach that affected Munson Healthcare, a healthcare provider based in Traverse City, Michigan. This incident, revealed in early January 2026, was due to unauthorized access through Cerner, a third-party electronic health record vendor, leading to the exposure of sensitive patient information.
The breach compromised various personal details, including patient names, Social Security numbers, and critical medical information such as diagnoses, treatment histories, and test results. Although the total number of affected individuals has yet to be confirmed, Munson Healthcare is proactively notifying impacted patients via mail.
"Because Michigan law does not currently require companies to immediately notify my office when a data breach occurs, we often don’t know who was impacted or when until well after a concerning cyber incident," Nessel stated. Her remarks highlight the challenges in managing cybersecurity incidents under the current legal framework.
"Because Michigan law does not currently require companies to immediately notify my office when a data breach occurs, we often don’t know who was impacted or when until well after a concerning cyber incident,"
Impact and Legacy
To assist those affected, Munson Healthcare is providing free credit monitoring services through Experian for 24 months, and individuals can reach out to 833-931-5700 for more information. Nessel views this as a necessary measure amidst ongoing concerns regarding identity theft. "I urge anyone who receives a notice that their personal information may have been compromised to consider taking advantage of the free credit monitoring resources being offered," she said.
"I urge anyone who receives a notice that their personal information may have been compromised to consider taking advantage of the free credit monitoring resources being offered,"
The Attorney General has been advocating for legislative reforms aimed at strengthening data breach notification laws in Michigan. Senate Bills 360-364, which have passed the State Senate, propose enhanced protections against data breaches and identity theft. The bills remain pending before the House of Representatives.
Nessel's call for reform underscores the urgent need to safeguard residents from potential risks stemming from delays in notification. This sentiment is echoed in her assertion: "These delays put consumers at higher risk of identity theft, and our state needs stronger laws to better protect Michiganders from bad actors."
In addition to urging legislative changes, Nessel advised consumers on proactive measures to safeguard their identities in the wake of this breach. Some recommended actions include regularly reviewing credit reports from the three major agencies—Equifax, Experian, and TransUnion—and utilizing multifactor authentication across personal accounts.
"Do not retain unnecessary data or files. Strengthen or change passwords, and always be vigilant against phishing emails," Nessel advised, emphasizing the importance of proactive consumer behavior in mitigating risks.
By the Numbers
By the Numbers
By the Numbers
Furthermore, she strongly advocates for implementing a credit freeze, which can substantially reduce the likelihood of identity theft, particularly when Social Security numbers are involved. A credit freeze can prevent lenders from accessing an individual’s credit report, effectively obstructing potential identity thieves from obtaining loans or credit cards in the consumer’s name.
The need for awareness doesn't end there. Nessel provides additional guidance on recognizing signs of identity theft that may stem from a healthcare data breach. Consumers should be alert for unusual insurance claims, unexpected medical debt notifications, and errors on their Explanation of Benefits (EOB), among other red flags.
"A notice from their health insurance company saying they’ve reached their benefit limit or receiving debt collection notices for services not received are just a couple of examples of warning signs," warned Nessel.
"A notice from their health insurance company saying they’ve reached their benefit limit or receiving debt collection notices for services not received are just a couple of examples of warning signs,"
To further assist Michigan residents, Nessel launched the Michigan Identity Theft Support System (MITS), designed to help individuals restore their identities if they suspect they have been victims of fraud. When faced with the potential threat of identity theft, consumers are encouraged to file a report with the Federal Trade Commission and take immediate steps to protect their personal information.
The recent cyber incident at Munson Healthcare is a stark reminder of the vulnerabilities faced not only by healthcare providers but also by the patients they serve. As the digital landscape continues to evolve, so too must the legislation and consumer protections in place to safeguard sensitive information.