Geisinger Health

A former employee of Nuance Communications (a Microsoft-owned IT services vendor) accessed Geisinger Health's patient records without authorization two days after their employment was terminated on **November 29, 2023**. The breach exposed the **personal and health information of over 1.3 million patients**, including full names, dates of birth, addresses, medical record numbers, race, gender, phone numbers, facility abbreviations, admit/discharge/transfer codes, **Social Security numbers (SSNs)**, and health insurance details. Geisinger initially stated that no financial or credit card data was compromised; court documents later confirmed that SSNs and sensitive medical information were among the data exposed. The incident led to a **$5 million class-action settlement**, with affected patients eligible to file claims until **March 2026**. The former employee faces **federal criminal charges** for the unauthorized access, brought after law enforcement concluded its investigation. The breach undermined patient trust and brought legal, financial and reputational consequences for Geisinger Health.

Source: https://www.healthcareitnews.com/news/geisinger-health-and-nuance-settle-data-breach-lawsuit

TPRM report: https://www.rankiteo.com/company/geisinger

```json
{
  "id": "gei5102451112125",
  "linkid": "geisinger",
  "type": "Breach",
  "date": "11/2023",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization's existence"
}
```
{'affected_entities': [{'customers_affected': '1.3 million patients',
                        'industry': 'healthcare',
                        'location': 'Pennsylvania, USA',
                        'name': 'Geisinger Health',
                        'type': 'healthcare system'},
                       {'industry': 'technology/healthcare IT',
                        'name': 'Nuance Communications (Microsoft subsidiary)',
                        'type': 'information technology services vendor'}],
 'attack_vector': ['insider threat', 'privilege abuse'],
 'customer_advisories': ['breach notification letters mailed to affected '
                         'patients'],
 'data_breach': {'data_exfiltration': ['access confirmed (records viewed by a '
                                       'terminated vendor employee); exfiltration '
                                       'not separately established by the sources '
                                       'cited'],
                 'number_of_records_exposed': '1.3 million',
                 'personally_identifiable_information': ['full names',
                                                         'SSNs',
                                                         'dates of birth',
                                                         'addresses',
                                                         'phone numbers',
                                                         'medical record '
                                                         'numbers',
                                                         'race/gender info'],
                 'sensitivity_of_data': 'high (includes SSNs, medical records, '
                                        'and insurance info)',
                 'type_of_data_compromised': ['personally identifiable '
                                              'information (PII)',
                                              'protected health information '
                                              '(PHI)',
                                              'financial information (health '
                                              'insurance details)']},
 'description': 'A former Nuance Communications employee accessed Geisinger '
                "Health's patient records and personal information of over 1.3 "
                'million patients two days after their employment termination. '
                'The breach led to a $5 million class action settlement, with '
                'impacted patients able to file claims until mid-March 2026. '
                'Exposed data included names, dates of birth, SSNs, addresses, '
                'medical record numbers, health insurance details, and other '
                'sensitive information.',
 'impact': {'brand_reputation_impact': ['negative publicity',
                                        'loss of patient trust'],
            'customer_complaints': ['class action lawsuit filed'],
            'data_compromised': ['full names',
                                 'dates of birth',
                                 'Social Security numbers (SSNs)',
                                 'addresses',
                                 'admit/discharge/transfer codes',
                                 'medical record numbers',
                                 'race and gender information',
                                 'phone numbers',
                                 'facility name abbreviations',
                                 'health insurance information',
                                 'medical information'],
            'financial_loss': '$5 million (settlement amount)',
            'identity_theft_risk': ['high (due to SSN exposure)'],
            'legal_liabilities': ['$5 million settlement',
                                  'federal charges against former employee'],
            'payment_information_risk': ['no payment card data reported as '
                                         'compromised; health insurance details '
                                         '(not payment data) were exposed'],
            'systems_affected': ['Geisinger Health patient records system']},
 'initial_access_broker': {'entry_point': ["former employee's retained access "
                                           'credentials'],
                           'high_value_targets': ['patient records',
                                                  'PII/PHI data']},
 'investigation_status': 'completed (law enforcement investigation concluded; '
                         'settlement approved)',
 'motivation': ['not established by the sources cited (financial gain suspected '
                'but unconfirmed)'],
 'post_incident_analysis': {'root_causes': ['vendor credentials not revoked when '
                                            'the employee was terminated',
                                            'post-termination credential use not '
                                            'detected in real time']},
 'references': [{'source': 'Healthcare IT News'},
                {'source': 'Pennsylvania Court documents'}],
 'regulatory_compliance': {'legal_actions': ['class action lawsuit',
                                             'federal charges against former '
                                             'employee'],
                           'regulatory_notifications': ['breach notifications '
                                                        'sent to affected '
                                                        'individuals']},
 'response': {'communication_strategy': ['public disclosure',
                                         'patient notifications via mail',
                                         'court-approved settlement '
                                         'communications'],
              'incident_response_plan_activated': ['breach investigation',
                                                   'law enforcement '
                                                   'involvement'],
              'law_enforcement_notified': True,
              'remediation_measures': ['breach notifications sent to affected '
                                       'patients',
                                       'class action settlement process'],
              'third_party_assistance': ['law enforcement']},
 'stakeholder_advisories': ['court-approved settlement notices',
                            'patient claim filing instructions'],
 'threat_actor': ['former employee of Nuance Communications'],
 'title': 'Geisinger Health and Nuance Communications Patient Data Breach '
          '(2023)',
 'type': ['data breach', 'insider threat', 'unauthorized access']}
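The root causes recorded above (vendor credentials still valid after termination, and post-termination use of those credentials not caught as it happened) are a leaver-control failure that is straightforward to check for. The following is an added example, not code from this page or from Geisinger, Nuance or Rankiteo: it cross-references a constructed HR leaver feed against constructed JSON-per-line access-log events to flag any use of a terminated account, rating events that touch or export patient records as critical, and separately compares HR termination times with identity-provider disable times against a deprovisioning SLA. Every account name, timestamp, log field name (ts, user, app, action, patient_mrn) and threshold is an assumption made for the example.

```python
"""Flag credential use after termination and late or missing deprovisioning.

Added example for this page; not code from Geisinger, Nuance or Rankiteo.
Every account, timestamp, log field and threshold below is constructed.
"""
import json
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional

# Constructed HR "leaver" feed: account -> termination time (UTC).
TERMINATIONS: Dict[str, datetime] = {
    "jdoe@vendor.example": datetime(2023, 11, 27, 17, 0, tzinfo=timezone.utc),
    "asmith@vendor.example": datetime(2023, 11, 20, 12, 0, tzinfo=timezone.utc),
}

# Constructed identity-provider export: account -> time it was disabled.
# jdoe is deliberately absent: that account was never disabled.
DISABLED_AT: Dict[str, datetime] = {
    "asmith@vendor.example": datetime(2023, 11, 20, 14, 0, tzinfo=timezone.utc),
}

# Constructed JSON-per-line access log; the field names are assumptions.
ACCESS_LOG = """\
{"ts": "2023-11-27T15:42:10Z", "user": "jdoe@vendor.example", "app": "ehr-viewer", "action": "read", "patient_mrn": "00012345"}
{"ts": "2023-11-29T09:03:51Z", "user": "jdoe@vendor.example", "app": "ehr-viewer", "action": "read", "patient_mrn": "00012346"}
{"ts": "2023-11-29T09:04:02Z", "user": "jdoe@vendor.example", "app": "ehr-viewer", "action": "export", "patient_mrn": "*"}
{"ts": "2023-11-21T08:00:00Z", "user": "asmith@vendor.example", "app": "vpn", "action": "login", "patient_mrn": null}
{"ts": "2023-11-29T10:00:00Z", "user": "mlee@hospital.example", "app": "ehr-viewer", "action": "read", "patient_mrn": "00012347"}
"""


@dataclass(frozen=True)
class Finding:
    user: str
    ts: datetime
    app: str
    action: str
    hours_after_termination: float
    severity: str


def parse_ts(value: str) -> datetime:
    """Parse an ISO-8601 UTC timestamp ending in 'Z' into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def find_post_termination_access(
    log_text: str, terminations: Dict[str, datetime], grace_hours: float = 0.0
) -> List[Finding]:
    """Return every event in which a terminated account was used after its
    termination time plus an optional grace window (zero by default: once HR
    marks someone gone, their credentials should not work at all).
    Events that read or export patient records are rated critical."""
    grace = timedelta(hours=grace_hours)
    findings: List[Finding] = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        user = event["user"]
        if user not in terminations:
            continue  # account not in the leaver feed; nothing to check
        ts = parse_ts(event["ts"])
        terminated_at = terminations[user]
        if ts <= terminated_at + grace:
            continue  # activity while the account was still legitimately active
        touches_phi = event["action"] == "export" or bool(event.get("patient_mrn"))
        findings.append(Finding(
            user=user, ts=ts, app=event["app"], action=event["action"],
            hours_after_termination=(ts - terminated_at).total_seconds() / 3600,
            severity="critical" if touches_phi else "high",
        ))
    return findings


def deprovisioning_sla_breaches(
    terminations: Dict[str, datetime],
    disabled_at: Dict[str, datetime],
    sla_hours: float = 24.0,
) -> Dict[str, Optional[float]]:
    """Compare HR termination time with the identity provider's disable time.
    Returns account -> lag in hours for accounts disabled later than the SLA,
    or None for accounts that were never disabled at all."""
    sla = timedelta(hours=sla_hours)
    breaches: Dict[str, Optional[float]] = {}
    for user, terminated_at in terminations.items():
        when = disabled_at.get(user)
        if when is None:
            breaches[user] = None
        elif when - terminated_at > sla:
            breaches[user] = (when - terminated_at).total_seconds() / 3600
    return breaches


if __name__ == "__main__":
    for f in find_post_termination_access(ACCESS_LOG, TERMINATIONS):
        print(f"{f.severity:8} {f.user} {f.app}/{f.action} "
              f"{f.hours_after_termination:.1f}h after termination")
    print("deprovisioning SLA breaches:",
          deprovisioning_sla_breaches(TERMINATIONS, DISABLED_AT))
```

On the constructed data the first check flags three events (two for jdoe in the record viewer, one VPN login for asmith) and the second reports jdoe as never disabled. The zero-hour default grace is deliberate: a non-zero window only hides the exact failure this incident illustrates, so it should be used for tuning noise, not as a policy.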