Former Nuance employee arrested over Geisinger data breach

Geisinger began notifying upwards of one million individuals of a data breach that occurred in November 2023, when a former Nuance Communications employee accessed certain Geisinger patient information two days after being terminated. The individual has since been arrested and is facing federal charges.

Geisinger serves 1.2 million people across Pennsylvania in rural and urban care settings. Geisinger used Nuance, a Microsoft-owned company, for information technology services.

On November 29, 2023, Geisinger discovered that the former Nuance employee had accessed and potentially taken information pertaining to more than one million patients, including names, dates of birth, addresses, medical record numbers, race, gender, phone numbers, admit and discharge codes, and facility name abbreviations.

The breach did not involve insurance claims information, Social Security numbers, or other financial information.

Law enforcement asked Nuance and Geisinger to delay notifying patients of the incident until recently so as not to impede the federal investigation.

“Our patients’ and members’ privacy is a top priority, and we take protecting it very seriously,” said Jonathan Friesen, Geisinger chief privacy officer.

“We continue to work closely with the authorities on this investigation, and while I am grateful that the perpetrator was caught and is now facing federal charges, I am sorry that this happened.”