Pa. Health System Geisinger’s 1 Million-Patient Data Breach Leads to Lawsuit

Geisinger’s 1 Million Patient Data Breach Leads to Lawsuit

A patient affected by a “data security incident” involving Pennsylvania-based health system Geisinger has filed a class-action lawsuit against the company.

Geisinger’s IT vendor, Microsoft-owned Nuance, determined that a former employee may have accessed the personal information of 1 million Geisinger patients, according to a June 24 press release.

The patient who filed the class-action lawsuit argued that Geisinger and Nuance failed to protect consumers’ personal information, the Centre Daily Times reported Monday (July 1).

Geisinger said it learned in November that a former Nuance employee accessed patient information two days after they were fired, per the report. The employee, Andre J. Burk, is facing federal criminal charges.

“Our patients’ and members’ privacy is a top priority, and we take protecting it very seriously,” Geisinger’s Chief Privacy Officer Jonathan Friesen said in Geisinger’s press release. “We continue to work closely with the authorities on this investigation, and while I am grateful that the perpetrator was caught and is now facing federal charges, I am sorry that this happened.”

The breach comes amid a wave of cyberattacks, including the one on Change Healthcare that crippled U.S. hospitals and pharmacies this year, and the ongoing troubles at car dealer software company CDK Global.

As of Monday CDK was working to restore its systems, hoping to have them up and running by July 4. The hack has caused dealerships to resort to pen-and-paper operations, disrupting credit checks and loan approvals.

Meanwhile, PYMNTS wrote last month that “many of the fundamental challenges for organizations looking to maintain data security result from the sheer volume of an organization’s data, the many ways users can access the data…, and the potential for the compromise of valid user credentials being used by unauthorized users.”

In today’s business landscape, where partnerships are helping companies offer modern infrastructure capabilities by streamlining the technical and engineering lift, it is crucial to secure each link in the vendor supply chain, the report added.

“Identity theft, phishing and data breaches have all become more prevalent,” Mike Storiale, vice president of innovation development at Synchrony, told PYMNTS in February.

PYMNTS Intelligence found that 82% of eCommerce merchants endured cyber or data breaches in the last year, with 47% of these companies saying the breaches led to lost revenue and lost customers.