Patients trust that when they disclose their personal identifying information (PII) and protected health information (PHI) including name, date of birth, social security number, address, race, gender, and health insurance information, among others, in furtherance of healthcare services, providers and their subcontractors and vendors that have access to these records, will maintain the upmost care and caution in storing this valuable PII and PHI, and keep this information confidential. Data security is imperative and when handled negligently, patients are at a heightened risk of fraud, identity theft, misappropriation of insurance benefits, and invasion of health privacy, among others.
On or about November 29, 2023, Geisinger Health discovered that a former employee of Nuance Communications, Inc, an outside vendor of Geisinger Health’s that provided information technology (IT) services, had accessed and obtained the PII and PHI of millions of Geisinger patients a few days after being terminated by Nuance Communications, Inc. Inexplicably, both Geisinger Health and Nuance Communications, Inc. failed to immediately revoke and restrict the terminated employee’s unfettered access to patients’ personal and confidential health information.
While Geisinger Health and Nuance Communications, Inc. became aware of the catastrophic data breach in November of 2023, it was not until months later in June of 2024, that victims were first notified by way of letter that states in part:
“We are writing to inform you about a recent data security incident…. Further investigation by Nuance revealed that the former employee may have accessed and taken some of your [personal] information, which may have included your name, date of birth, address, medical record number, race, gender, admit and discharge or transfer code, phone number and facility name abbreviation.”
To date, more than 1.2 million individuals have had their PII and PHI breached as a result of the inadequate data security procedures of both Geisinger Health and Nuance Communications, Inc. Unfortunately, this is becoming all too common in the United States. The number of reported data breaches in the U.S. rose to a record 3,205 in 2023, up 78% from 2022.
If you or a loved one has received a data breach letter in the mail, or has otherwise been affected by a data breach, please contact the attorneys at Anapol Weiss. We are committed to recourse for the victims of such tortious wrongdoings.