Former Microsoft employee arrested for stealing 1.2M patient records

A data breach imperiling more than 1.2 million patient records has occurred at Geisinger Health System, according to a notification published on the U.S. Department of Health and Human Services website. 

A terminated employee of Nuance Communications, a subsidiary of Microsoft, allegedly accessed the patient records after their firing in November of 2023, Geisinger said in a statement.

In response to a federal investigation into the incident, Nuance requested the health system delay notifying patients about the breach. Now that the former employee has been officially charged with a crime, Geisinger has triggered the typical HIPAA-required response to send notifications to those impacted.

The breach is being attributed entirely to the one former employee, who has yet to face trial or be convicted of a crime. The stolen data consists of personal information on patients, including names, birth dates, contact information, demographic information and medical record numbers. However, there is no evidence that details on care delivery or insurance information were accessed, Geisinger said.

Social Security numbers were also not stolen. However, Geisinger said it will be offering identity protection services to the patients whose data was taken.

“Our patients’ and members’ privacy is a top priority, and we take protecting it very seriously,” Jonathan Friesen, chief privacy officer at Geisinger, said in the statement. “We continue to work closely with the authorities on this investigation, and while I am grateful that the perpetrator was caught and is now facing federal charges, I am sorry that this happened.”

That 1.2 million figure represents most of the patients the health system sees each year. Geisinger operates 10 hospitals and more than 100 other care centers nationwide. The health system is headquartered in Pennsylvania. 

Chad Van Alstin Health Imaging Health Exec

Chad is an award-winning writer and editor with over 15 years of experience working in media. He has a decade-long professional background in healthcare, working as a writer and in public relations.
