Nonprofit health system, Nuance Communications agree to $5M settlement after data theft
A Pennsylvania-based nonprofit health system and a health IT vendor have agreed to pay $5 million to resolve an unusual data breach lawsuit involving an employee stealing personal data on more than 1 million patients. A hearing to finalize the settlement is scheduled for March 16, at which time a judge will either reject or affirm the proposal.
The lawsuit, against Geisinger Health and Nuance Communications, was first filed in June 2024, about six months after the incident occurred. According to court documents, the employee allegedly responsible for the data theft is a man named Max Vance, who worked for Nuance.
Vance was fired from the healthcare communications company in November 2023, but he was still able to access records on patients using his credentials. Attorneys representing the plaintiffs accused the company of negligence, though any health system where the data originated is also potentially liable for its security under federal law.
Vance is accused of accessing data on more than 1.3 million people, though only 97,000 have signed on as claimants so far. The deadline to do so is March 18.
Employee pleads out to criminal charge
Stolen records included identifying numbers, names, birthdates, addresses and more. Vance was charged criminally for his unlawful access of Nuance’s network, which involved downloading data from Geisinger.
He was arrested in February 2024 and later confessed to his crime as part of a deal with prosecutors. Vance will get time served and three years of probation.
Officially, he pleaded guilty to obtaining information from a protected computer, a charge that effectively amounts to digital breaking and entering.
HealthExec reached out to Nuance and Geisinger for comment.
The health system operates 10 hospitals and 126 care sites across 45 counties in Pennsylvania. It sees over 3 million patients each year.
Nuance is a subsidiary of Microsoft.
