Former Microsoft employee arrested for stealing 1.2M patient records
A data breach imperiling more than 1.2 million patient records has occurred at Geisinger Health System, according to a notification published on the U.S. Department of Health and Human Services website.
A terminated employee of Nuance Communications, a subsidiary of Microsoft, allegedly accessed the patient records after their firing in November of 2023, Geisinger said in a statement.
In response to a federal investigation into the incident, Nuance requested the health system delay notifying patients about the breach. Now that the former employee has been officially charged with a crime, Geisinger has triggered the typical HIPAA-required response to send notifications to those impacted.
The breach is being attributed entirely to the one former employee, who has yet to face trial or be convicted of a crime. The stolen data contains personal information on patients, including names, birth dates, contact information, demographic information and medical record numbers. However, there is no evidence that details on care delivery or insurance information were accessed, Geisinger said.
Social Security numbers were also not stolen. However, Geisinger said it will be offering identity protection services to the patients whose data was taken.
“Our patients’ and members’ privacy is a top priority, and we take protecting it very seriously,” Jonathan Friesen, chief privacy officer at Geisinger, said in the statement. “We continue to work closely with the authorities on this investigation, and while I am grateful that the perpetrator was caught and is now facing federal charges, I am sorry that this happened.”
That 1.2 million figure represents most of the patients the health system sees each year. Geisinger operates 10 hospitals and more than 100 other care centers nationwide. The health system is headquartered in Pennsylvania.