Geisinger, a leading healthcare system in Pennsylvania, has reported a significant data breach involving a former employee of Nuance, an IT services provider associated with the organization, Bleepingcomputer reports.
In a recent announcement, Geisinger disclosed that in November 2023, they detected unauthorized access to their patients’ database by a former Nuance employee.
Upon discovery, Geisinger promptly informed Nuance, which took immediate action to block the ex-employee’s access to Geisinger’s systems.
“On Nov. 29, 2023, Geisinger discovered and immediately notified Nuance that a former Nuance employee had accessed certain Geisinger patient information two days after the employee had been terminated,” the announcement stated.
Following this, Nuance permanently revoked the ex-employee’s access and reported the incident to law enforcement. The individual was subsequently arrested and charged.
The investigation revealed that the compromised data included:
- Full name
- Phone number
- Date of birth
- Address
- Admit and discharge or transfer code
- Medical record number
- Race and gender
- Facility name abbreviation
The specific data exposed varied for each individual, based on the services received from Geisinger. Fortunately, the breach did not affect insurance information, credit card details, bank account numbers, Social Security Numbers (SSN), or other financial data.
The motives behind the ex-employee’s actions and whether the stolen data has been shared with cybercriminals remain unclear. Potentially affected individuals are advised to stay vigilant.
Geisinger recommends that those notified about the breach review their statements carefully and contact their health insurers immediately if they notice any unfamiliar entries.
Law firm Lynch Carpenter has initiated an investigation to assess the incident’s scope and is considering the possibility of a class action lawsuit against Geisinger.
