In Danville, Pennsylvania, a significant data breach involving over one million Geisinger patients has surfaced, linked to a former employee of Nuance Communications Inc., the hospital’s IT service provider. Discovered on November 29, 2023, the breach led to an immediate response from Geisinger and Nuance, with the former employee’s access swiftly terminated upon detection. Law enforcement, involved from the outset, requested a delay in notifying affected patients to aid their investigation into the breach, which compromised varying personal details such as names, dates of birth, addresses, and medical record numbers.
Nuance’s investigation revealed that the ex-employee may have illicitly accessed and potentially obtained information from a wide scope of Geisinger patients, although sensitive financial data and Social Security numbers were reportedly not compromised. Despite the breach’s severity, no claims or financial information beyond certain personal identifiers were accessed, reassuring patients about the limited nature of the data breach.
Geisinger’s chief privacy officer, Jonathan Friesen, emphasized the institution’s commitment to patient privacy and cooperation with law enforcement throughout the investigation. The arrest of the former employee on federal charges underscores the seriousness of the incident, reassuring the public of legal repercussions for such breaches of trust and data security. Geisinger has urged affected patients to review their notices carefully and take proactive steps to monitor any potential misuse of their personal information, offering dedicated support for addressing concerns related to the breach.
