Cherry Health, the Grand Rapids community health network, is warning patients and staff that an unauthorized person may have accessed and copied information from its computer systems. In a notice dated June 18, 2026, the organization said it first spotted suspicious activity on or about April 19 and is now running a full-scale review to figure out which records were touched. Cherry Health also said it currently has no evidence that any of the accessed information has been used to carry out identity theft or fraud.
What Cherry Health says happened
In a preliminary notice posted online, Cherry Health reports that it became aware of suspicious activity in its network on or about April 19. The organization says it moved quickly to secure its systems and brought in third-party specialists to investigate.
According to the notice, the investigation found that certain information stored on Cherry Health’s network was accessed and copied by an unauthorized individual. The provider says it is still reviewing the scope of the incident to determine which patients or staff members are affected. Once that review is complete, Cherry Health says it will send written letters to those potentially impacted and will set up a call center to answer questions.
What might have been exposed
The provider and local reporting list several categories of information that may have been involved. Depending on the person, that could include names, addresses, phone numbers, dates of birth, health insurance information and ID numbers, patient ID numbers, provider names, and service dates. In a limited number of cases, Social Security numbers may also be involved.
Cherry Health’s notice stresses that the specific data affected will vary by individual and that the review is still in progress.
Cherry Health's immediate response
Cherry Health says it has put safeguards in place in the wake of the incident and is continuing to work with outside specialists to finalize its review and notify anyone whose data may have been compromised. The provider also says it is offering guidance on steps people can take to protect themselves from identity theft, and that call-center staff will be available to talk with individuals who believe they could be affected.
How to protect yourself
The Federal Trade Commission's IdentityTheft.gov site provides step-by-step instructions for anyone worried about exposed personal data. That includes how to check credit reports, place a fraud alert, put a freeze on credit, and file an official identity-theft report.
Consumer guidance in Cherry Health’s notice mirrors those recommendations, steering people toward free credit-report resources and the three major credit bureaus for added protections. For immediate help with recovery steps and reporting, IdentityTheft.gov remains the federal government’s primary hub.
Why this matters locally
Cherry Health is the largest federally qualified health center in Michigan and operates multiple locations across Kent County, serving tens of thousands of patients each year. Local reporting and the organization’s own materials note that it runs a major clinic hub in downtown Grand Rapids, which means a broad swath of local residents are now waiting to find out whether their records are part of the incident.
People with questions can write to Cherry Health at the address listed in its preliminary notice or call the dedicated phone line set up for this event. For those who want to keep tabs on larger healthcare data incidents, the Department of Health and Human Services’ Office for Civil Rights maintains a public breach portal for HIPAA-reportable events.
