On June 21, 2024, Geisinger Health (“Geisinger”) filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights after discovering that a former employee of a vendor, Nuance Communications Inc. (“Nuance”), accessed patient data without authorization. In this notice, Nuance Communications explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, dates of birth, addresses, race, gender, phone number and treatment information. Upon completing its investigation, Nuance Communications began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.
If you received a data breach notification from Nuance Communications Inc. or Geisinger Health, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the Nuance Communications / Geisinger data breach. For more information, please see our recent piece on the topic here.
What Caused the Nuance Communications Data Breach?
The Nuance Communications /Geisinger data breach was only recently announced, and more information is expected in the near future. However, Nuance Communications’ filing with the U.S. Department of Health and Human Services Office for Civil Rights provides some important information on what led up to the breach. Geisinger also posted a website notice discussing the incident.
According to these sources, on November 23, 2023, Geisinger learned that a former employee of one of the company’s vendors, Nuance Communication, had accessed certain Geisinger patient information two days after the employee had been terminated. In response, Geisinger notified Nuance, which then disconnected the former employee’s access and launched an investigation.
Through its investigation, Nuance determined the former employee may have accessed and removed information belonging to more than one million Geisinger patients. Geisinger later reported that the exact number of affected patients was 1,276,026.
After learning that sensitive consumer data was accessible to an unauthorized party, Nuance Communications reviewed the compromised files to determine what information was leaked and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, date of birth, address, admit and discharge or transfer code, medical record number, race, gender, phone number and facility name abbreviation.
On June 21, 2024, Nuance Communications sent out data breach letters to anyone who was affected by the recent data security incident. These letters should provide victims with a list of what information belonging to them was compromised.
More Information About Nuance Communications Inc. and Geisinger Health
Nuance Communications, Inc. is a business intelligence software company based in Burlington, Massachusetts. The company provides voice recognition and natural language understanding solutions to clients worldwide. In 2022, Microsoft purchased Nuance Communications, which now operates as a subsidiary of Microsoft. Nuance Communications employs more than 6,900 people and generates approximately $1.3 billion in annual revenue.
Geisinger Health is a healthcare services provider based out of Danville, Pennsylvania. Geisinger operates 134 care sites - including ten hospitals. Geisinger also operates a health plan (“Geisinger Health Plan”) with 600,000 members in commercial and government plans. Geisinger generates approximately $10 billion in annual revenue and employs over 26,000 people.
