Geisinger Claims Medical Data Theft, Blames Microsoft Subsidiary's Former Employee
TapTechNews, June 26th. US healthcare provider Geisinger claims that the medical data of more than one million of its patients may have been stolen, and alleges that a former employee of a Microsoft subsidiary is to blame.
Geisinger disclosed the results of its investigation into last November's computer security breach on Monday, blaming Microsoft-owned NuanceCommunications for not cutting off an employee's access to company files after firing the employee.
The Pennsylvania-based healthcare giant uses Nuance as its IT supplier. It is reported that after Nuance fired an employee, the employee may have accessed and copied a large number of sensitive records of Geisinger patients two days later, and the reason is still unclear.
Geisinger operates 13 hospitals and has more than 600,000 members. The company said that after they detected suspicious access behavior on November 29th and immediately notified Nuance, the other party quickly cut off the access rights of the former employee and reported it to the police.
Due to the potential to interfere with the investigation, law enforcement authorities required Nuance to delay notifying patients of this event until now, Geisinger explained the reason why this matter is only exposed now. This former Nuance employee has been arrested and is facing federal charges.
Details of the specific charges are not yet clear, and Geisinger has not provided more information.
Geisinger said that the former employee may have stolen the information of more than one million people, including date of birth, address, hospitalization and discharge records, demographic information, and other medical data. Geisinger emphasizes that the former employee did not steal insurance or other financial information.
We will continue to work closely with the authorities in the investigation, said Jonathan Friesen, Geisinger's chief privacy officer. Although I am grateful that the perpetrator has been caught and is facing federal charges, I am sorry that this happened.
As of the TapTechNews dispatch, Nuance has not responded to a request for comment. Since the company has been a subsidiary of Microsoft for the past three years, this incident may have a negative impact on Microsoft's reputation.