Pennsylvania healthcare provider Geisinger is facing a class action lawsuit after a former Nuance employee accessed the personal information of more than 1.2 million individuals in November 2023.
Geisinger discovered the data breach in late November and immediately notified Nuance – a Microsoft-owned company – that “a former Nuance employee had accessed certain Geisinger patient information two days after the employee had been terminated,” the company said in an incident notice. The employee’s access to the data was immediately terminated.
The information that was potentially accessed and stolen, the healthcare provider said, included names, addresses, dates of birth, phone numbers, race, gender, admit and discharge or transfer codes, and medical record numbers.
“No claims or insurance information, credit card or bank account numbers, other financial information, or Social Security numbers were inappropriately accessed by the company’s former employee,” Geisinger said.
According to the company, Nuance is notifying individuals potentially impacted by the incident, and the former employee – Max Vance, aka Andre J. Burke – has been arrested and indicted.
Geisinger said notifications to impacted individuals were delayed at the request of law enforcement agencies investigating the incident.
Last month, Geisinger informed the U.S. Department of Health and Human Services that 1,276,026 individuals were affected by the data breach.
Last week, a federal class action lawsuit was filed against Geisinger in the U.S. Middle District Court of Pennsylvania for failing to properly secure patients’ personal and health information. The plaintiff, James Wierbowski, seeks damages of more than $5 million.
Recently acquired by Kaiser Permanente’s non-profit charitable organization Risant Health, Geisinger operates 134 care sites across Pennsylvania, including 10 hospital campuses, and has over 26,000 employees.
Related: 300k Affected by Year-Old Data Breach at Florida Community Health Centers
Related: Prudential Financial Data Breach Impacts 2.5 Million
Related: Neiman Marcus Data Breach Disclosed as Hacker Offers to Sell Stolen Information
Related: Data Breach Victims Sue Rhode Island Transit Agency, Insurer
