Upcoming Virtual Event: Cloud Security Summit | July 17 - Register Now
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

Former Nuance Employee Arrested After Geisinger Data Breach Exposed 1.2 Million Records

A class action lawsuit was filed against Geisinger for failing to properly secure patients’ personal and health information.

Pennsylvania healthcare provider Geisinger is facing a class action lawsuit after a former Nuance employee accessed the personal information of more than 1.2 million individuals in November 2023.

Geisinger discovered the data breach in late November and immediately notified Nuance – a Microsoft-owned company – that “a former Nuance employee had accessed certain Geisinger patient information two days after the employee had been terminated,” the company said in an incident notice. The employee’s access to the data was immediately terminated.

The information that was potentially accessed and stolen, the healthcare provider said, included names, addresses, dates of birth, phone numbers, race, gender, admit and discharge or transfer codes, and medical record numbers.

“No claims or insurance information, credit card or bank account numbers, other financial information, or Social Security numbers were inappropriately accessed by the company’s former employee,” Geisinger said.

According to the company, Nuance is notifying individuals potentially impacted by the incident, and the former employee – Max Vance, aka Andre J. Burke – has been arrested and indicted.

Geisinger said notifications to impacted individuals were delayed at the request of law enforcement agencies investigating the incident.

Last month, Geisinger informed the U.S. Department of Health and Human Services that 1,276,026 individuals were affected by the data breach.

Last week, a federal class action lawsuit was filed against Geisinger in the U.S. Middle District Court of Pennsylvania for failing to properly secure patients’ personal and health information. The plaintiff, James Wierbowski, seeks damages of more than $5 million.

Advertisement. Scroll to continue reading.

Recently acquired by Kaiser Permanente’s non-profit charitable organization Risant Health, Geisinger operates 134 care sites across Pennsylvania, including 10 hospital campuses, and has over 26,000 employees.

Related: 300k Affected by Year-Old Data Breach at Florida Community Health Centers

Related: Prudential Financial Data Breach Impacts 2.5 Million

Related: Neiman Marcus Data Breach Disclosed as Hacker Offers to Sell Stolen Information

Related: Data Breach Victims Sue Rhode Island Transit Agency, Insurer

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how to utilize tools, controls, and design models needed to properly secure cloud environments.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Craig Boundy has left Experian to join McAfee as President and CEO.

Forcepoint has promoted Ryan Windham from Chief Customer and Strategy Officer to Chief Executive Officer.

ICS and OT cybersecurity solutions provider TXOne Networks appointed Stephen Driggers as its new CRO.

More People On The Move

Expert Insights