Michigan Attorney General Dana Nessel has reissued a consumer alert regarding data breaches after a cyber incident in 2025 compromised patient information at Munson Healthcare, which serves Northern Michigan communities. The breach occurred through unauthorized access to Cerner, a third-party electronic health record vendor, and exposed sensitive data such as names, Social Security numbers, and medical records including diagnoses and test results.
The number of Michigan residents affected is still unknown to the Department of Attorney General. Munson Healthcare is notifying impacted patients by mail and is offering 24 months of free credit monitoring via Experian. Additional information is available by calling 833-931-5700.
Attorney General Nessel continues to call for stronger laws requiring companies to notify her office immediately when a data breach occurs. She stated that current law does not require this prompt notification: “Because Michigan law does not currently require companies to immediately notify my office when a data breach occurs, we often don’t know who was impacted or when until well after a concerning cyber incident,” Nessel said. “These delays put consumers at higher risk of identity theft, and our state needs stronger laws to better protect Michiganders from bad actors. I urge anyone who receives a notice that their personal information may have been compromised to consider taking advantage of the free credit monitoring resources being offered.” Senate Bills 360-364 were passed by the Michigan Senate last year and are awaiting review in the House.
Nessel’s office provided guidance for those affected by the breach:
– Be wary of phishing emails.
– Change or strengthen passwords.
– Remove unnecessary files.
– Use multifactor authentication.
– Regularly check credit reports; free weekly reports are available from Equifax, Experian, and TransUnion via the Annual Credit Report website.
A credit freeze can also be an effective tool if Social Security numbers are exposed; this prevents creditors from accessing credit reports and issuing new loans or cards in someone else’s name.
Protecting medical information is another concern highlighted by Nessel’s office. Warning signs include receiving bills for services never received, errors in Explanation of Benefits statements, calls from debt collectors about unknown bills, unfamiliar medical debt on credit reports, notices about reaching insurance benefit limits unexpectedly, or denied coverage due to conditions not present.
To help victims restore their identities after such incidents, the Attorney General’s Michigan Identity Theft Support System (MITS) offers assistance with steps such as reviewing warning signs of identity theft, determining what information was compromised, contacting financial institutions, checking credit reports and freezing credit if necessary. Consumers may also file an FTC Identity Theft Report or police report if needed.
For additional help or to file complaints related to consumer protection issues—including scams and breaches—residents can contact the Consumer Protection Team by mail (P.O. Box 30213 Lansing MI 48909), phone (517-335-7599 or toll-free 877-765-8388), fax (517-241-3771), or online complaint form.
The Michigan State Executive – Attorney General serves as the chief legal office for Michigan residents with authority across the state to safeguard vulnerable populations through public service initiatives like addressing data breaches and handling consumer complaints.
