Cherry Health discloses data breach after suspected ransomware outage

On 18 June 2026, Cherry Health — a Grand Rapids–based nonprofit and the largest federally qualified health center (FQHC) in Michigan — posted a preliminary notice confirming a data breach following a security incident on its network. According to the notice, the organization first detected suspicious network activity on or about 19 April 2026 and subsequently experienced a days-long outage that has been widely reported as the result of a ransomware attack.

What happened

Cherry Health said that after identifying the unusual activity, it launched an investigation with the support of third-party forensic specialists and moved to secure its environment. The investigation determined that an unauthorized actor accessed and copied certain data from its systems. The provider characterized the disclosure as a preliminary notice, noting that a comprehensive review of the affected data was still ongoing and that the total number of impacted individuals had not yet been determined.

Data exposed

The information potentially involved varies by individual but may include names, addresses, phone numbers, dates of birth, health insurance information and ID numbers, patient ID numbers, provider names, dates of service, and Social Security numbers. Cherry Health stated that, as of the disclosure, it had no evidence that any of the affected information had been misused to commit identity theft or fraud.

Context

Cherry Health operates a network of community health centers across Michigan, providing primary care, dental, behavioral health, and pharmacy services to a largely underserved patient population. No ransomware group publicly claimed the attack, and the provider did not attribute the intrusion to a named threat actor. The incident adds to a sustained wave of ransomware and data-theft campaigns targeting U.S. healthcare providers, whose troves of sensitive medical and identity data make them frequent extortion targets.