CENTRE COUNTY — Geisinger patients were notified in a statement by Geisinger on Monday, June 24, that a security breach of over 1 million patients’ data had occurred on Nov. 29, 2023.
In November of last year, Geisinger discovered that Nuance Communications Inc., the outside vendor that provides information technology services to Geisinger, had a security breach by a former employee. The employee accessed certain Geisinger patient information two days after their employment with Nuance Communications was terminated.
An investigation was pursued by law enforcement, who had asked Nuance Communications at the time to refrain from informing patients of the security breach to not hinder the investigation.
Now Nuance Communications and Geisinger are updating patients about the status of the investigation, noting in the press release the former employee has been arrested and is facing federal charges.
“Our patients’ and members’ privacy is a top priority, and we take protecting it very seriously,” said Jonathan Friesen, Geisinger chief privacy officer, in the statement. “We continue to work closely with the authorities on this investigation, and while I am grateful that the perpetrator was caught and is now facing federal charges, I am sorry that this happened.”
It was discovered that the former employee may have accessed varied information for more than 1 million Geisinger patients. Information varied on a patient-to-patient basis but “included patients’ names in combination with one or more of the following: date of birth, address, admit and discharge or transfer code, medical record number, race, gender, phone number and facility name abbreviation,” according to the release.
Geisinger did note that “no claims or insurance information, credit card or bank account numbers, other financial information or social security numbers were inappropriately accessed by the company’s former employee.”
Patients impacted by the security breach have been notified.
