A federal district court in Pennsylvania has granted preliminary approval to a **$5 million settlement** resolving consolidated class-action claims over a **2023 data breach** at **Geisinger Health**. The breach was carried out by a **former employee of Nuance Communications**, a Geisinger technology vendor (Nuance has been owned by Microsoft since 2022), who was **terminated two days before the incident** and then accessed, and potentially exfiltrated, the records of **more than 1 million patients**. The exposed data included names, dates of birth, addresses, phone numbers, medical record numbers, race, gender, admit/discharge codes and facility name abbreviations. The former employee faces **criminal charges** and a federal investigation is ongoing; notification to affected patients was delayed at **law enforcement's request**. The case illustrates the **insider-threat risk in healthcare**, where access that is not revoked promptly at termination can expose an entire patient population, and the consolidated lawsuit highlights the reputational, financial and legal consequences. The **final approval hearing is set for March 2026**, with claims submissions due shortly after.
Geisinger cybersecurity rating report: https://www.rankiteo.com/company/geisinger
{
  "id": "GEI4702447112225",
  "linkid": "geisinger",
  "type": "Breach",
  "date": "6/2023",
  "severity": "85",
  "impact": "4",
  "explanation": "Attack with significant impact with customers data leaks"
}
{'affected_entities': [{'customers_affected': '1,000,000+ individuals',
                        'industry': 'Healthcare',
                        'location': 'Pennsylvania, USA',
                        'name': 'Geisinger Health',
                        'type': 'Healthcare Provider'},
                       {'industry': 'AI/Speech Recognition',
                        'location': 'USA',
                        'name': 'Nuance Communications (acquired by Microsoft in 2022)',
                        'type': 'Technology Vendor'}],
 'attack_vector': 'Insider Access (Former Employee)',
 'customer_advisories': ['Breach notifications sent to impacted individuals (delayed)'],
 'data_breach': {'data_exfiltration': 'Potential (accessed and possibly obtained)',
                 'number_of_records_exposed': '1,000,000+',
                 'personally_identifiable_information': ['Names',
                                                         'Dates of Birth',
                                                         'Addresses',
                                                         'Phone Numbers',
                                                         'Medical Record Numbers'],
                 'sensitivity_of_data': 'High (medical and personal identifiers)',
                 'type_of_data_compromised': ['Personally Identifiable Information (PII)',
                                              'Protected Health Information (PHI)']},
 'date_detected': '2023-11',
 'description': 'A former Nuance Communications employee accessed and potentially obtained sensitive patient information from Geisinger Health, impacting over 1 million individuals. The breach led to a $5 million class action settlement, with the employee facing criminal charges. The incident underscored the risks of insider threats in healthcare.',
 'impact': {'brand_reputation_impact': 'Negative (publicized breach, legal action)',
            'customer_complaints': 'Class action lawsuit filed',
            'data_compromised': ['Names',
                                 'Dates of Birth',
                                 'Addresses',
                                 'Medical Record Numbers',
                                 'Race',
                                 'Gender',
                                 'Phone Numbers',
                                 'Admit/Discharge Codes',
                                 'Facility Name Abbreviations'],
            'financial_loss': '$5 million (settlement)',
            'identity_theft_risk': 'High (PII exposed)',
            'legal_liabilities': '$5 million settlement, criminal charges against former employee'},
 'initial_access_broker': {'entry_point': 'Authorized internal access (former employee)',
                           'high_value_targets': ['Patient PHI/PII']},
 'investigation_status': 'Ongoing (final approval hearing scheduled for 2026-03-16)',
 'lessons_learned': 'Insider threats pose significant risks in healthcare; timely termination and access revocation are critical. Delayed breach notifications can complicate legal and reputational responses.',
 'motivation': ['Financial Gain', 'Unauthorized Data Access'],
 'post_incident_analysis': {'corrective_actions': ['$5 million settlement for affected individuals',
                                                   'Criminal prosecution of responsible party'],
                            'root_causes': ['Insufficient controls to prevent unauthorized data access by terminated employees',
                                            'Delayed breach notification due to law enforcement request']},
 'recommendations': ['Enhance insider threat detection programs',
                     'Implement stricter access controls for sensitive data',
                     'Conduct regular audits of employee access to PHI/PII',
                     'Establish clear protocols for breach notifications balancing legal and law enforcement requirements'],
 'references': [{'source': 'HealthITSecurity (Jill McKeon)'}],
 'regulatory_compliance': {'fines_imposed': '$5 million (settlement, not regulatory fine)',
                           'legal_actions': ['Class action lawsuit',
                                             'Criminal charges against former employee'],
                           'regulations_violated': ['HIPAA (likely)',
                                                    'State data breach laws']},
 'response': {'communication_strategy': ['Class action settlement notifications',
                                         'Public disclosure via legal proceedings'],
              'containment_measures': ['Termination of employee (pre-incident)',
                                       'Delayed notification per law enforcement'],
              'incident_response_plan_activated': 'Yes (delayed per law enforcement request)',
              'law_enforcement_notified': 'Yes (federal investigation ongoing)',
              'recovery_measures': ['Patient notifications sent by Nuance on behalf of Geisinger']},
 'stakeholder_advisories': ['Class action settlement notices',
                            'Federal investigation updates'],
 'threat_actor': 'Former Nuance Employee',
 'title': 'Geisinger Health and Nuance Communications Data Breach (2023)',
 'type': 'Data Breach (Insider Threat)'}
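The root cause recorded above (access by a terminated employee that controls did not prevent) and the recommendation to audit employee access to PHI/PII both reduce to one reconciliation: every access event should be checked against the HR system's termination record for that account, and every terminated user should be checked against the directory for an account that is still enabled. The Python below is an added example of that check, not Geisinger's, Nuance's, Microsoft's or Rankiteo's code; the HR export columns, the log line format, the usernames, timestamps and record counts are all constructed for illustration and are not drawn from the incident.

```python
"""Reconcile an HR leaver list against application access logs.

Added example with constructed data; not Geisinger's, Nuance's or Rankiteo's
code. The HR export columns and the access-log format are assumptions.
"""
import csv
import io
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed HR export (assumed columns). terminated_at is UTC, ISO-8601.
HR_EXPORT = """\
username,status,terminated_at
jdoe,terminated,2023-11-27T17:00:00Z
asmith,active,
bwong,terminated,2023-11-20T12:00:00Z
"""

# Constructed application access log (assumed format):
#   <iso-ts> app=<name> user=<id> action=<verb> records=<n>
ACCESS_LOG = """\
2023-11-27T15:42:10Z app=ehr-export user=jdoe action=query records=40
2023-11-28T09:05:33Z app=ehr-export user=asmith action=query records=12
2023-11-29T02:13:51Z app=ehr-export user=jdoe action=bulk_export records=1000000
2023-11-29T02:20:07Z app=ehr-export user=jdoe action=download records=1000000
"""

# Constructed snapshot of accounts still enabled in the directory on 2023-11-29.
ENABLED_ACCOUNTS = {"jdoe", "asmith"}


@dataclass(frozen=True)
class Event:
    ts: datetime
    app: str
    user: str
    action: str
    records: int


@dataclass(frozen=True)
class Finding:
    user: str
    ts: datetime
    action: str
    records: int
    since_termination: timedelta


def parse_ts(text):
    """Parse a UTC ISO-8601 timestamp with a trailing Z."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def load_leavers(csv_text):
    """Return {username: termination time} for every terminated account."""
    leavers = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["status"] == "terminated" and row["terminated_at"]:
            leavers[row["username"]] = parse_ts(row["terminated_at"])
    return leavers


def parse_access_log(text):
    """Parse key=value log lines into Event records; blank lines are skipped."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *pairs = line.split()
        fields = dict(p.split("=", 1) for p in pairs)
        events.append(Event(parse_ts(ts), fields["app"], fields["user"],
                            fields["action"], int(fields.get("records", 0))))
    return events


def post_termination_access(events, leavers, grace=timedelta(0)):
    """Events by a terminated user that occur after termination plus a grace window.

    Access before the termination time is expected and is not reported; the
    grace window absorbs clock skew between the HR system and the application.
    """
    findings = []
    for ev in events:
        terminated_at = leavers.get(ev.user)
        if terminated_at is not None and ev.ts > terminated_at + grace:
            findings.append(Finding(ev.user, ev.ts, ev.action, ev.records,
                                    ev.ts - terminated_at))
    return findings


def unrevoked_accounts(leavers, enabled_accounts, as_of):
    """Terminated users whose directory account is still enabled at `as_of`."""
    return sorted(u for u, t in leavers.items() if u in enabled_accounts and as_of > t)


def main():
    leavers = load_leavers(HR_EXPORT)
    events = parse_access_log(ACCESS_LOG)
    for f in post_termination_access(events, leavers):
        print(f"ALERT {f.user} {f.action} records={f.records} "
              f"{f.since_termination} after termination, at {f.ts.isoformat()}")
    snapshot = parse_ts("2023-11-29T00:00:00Z")
    for user in unrevoked_accounts(leavers, ENABLED_ACCOUNTS, snapshot):
        print(f"ALERT account {user} still enabled after termination")


if __name__ == "__main__":
    main()
```

Run as-is, it reports the two `jdoe` events that fall after the recorded termination time (the pre-termination query on the same day is correctly ignored) and flags `jdoe` as an account still enabled in the directory; `bwong`, terminated and already disabled, produces nothing. In production the same logic belongs in a scheduled detection (a SIEM correlation rule or a batch job) fed by the identity provider's leaver feed. The `grace` parameter exists because HR timestamps and application clocks rarely agree to the minute; set it from observed skew, because a window as wide as the two-day gap in this incident would have suppressed exactly the alert that mattered.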