Tired of ads? Subscribers enjoy a distraction-free reading experience.
Click here to subscribe today or Login.

WILKES-BARRE — The personal information of as many as 1 million Geisinger patients may have been accessed in data breach.

Nuance Communications Inc., an outside vendor that provides information technology services for Geisinger, is notifying Geisinger patients that their information may have been accessed by a former Nuance employee.

On Nov. 29, 2023, Geisinger discovered and immediately notified Nuance that a former Nuance employee had accessed certain Geisinger patient information two days after the employee had been terminated.

Upon learning this, Nuance permanently disconnected its former employee’s access to Geisinger’s records, according to a news release from Geisinger.

An investigation was launched, and law enforcement was engaged. Because it could have impeded their investigation, Geisinger said law enforcement investigators asked Nuance to delay notifying patients of this incident until now.

The former Nuance employee has been arrested and is facing federal charges.

Jonathan Friesen, Geisinger chief privacy officer, on Wednesday said that the privacy of their patients and members is a top priority.

“And we take protecting it very seriously,” Friesen said . “We continue to work closely with the authorities on this investigation. And while I am grateful that the perpetrator was caught and is now facing federal charges, I am sorry that this happened.”

According to the news release, through its investigation, Nuance determined the former employee may have accessed and taken information pertaining to more than one million Geisinger patients.

According to the the U.S. Attorney’s Office, charges were filed in Pennsylvania Middle District Court against the former Nuance employee, identified as Max Vance, also known as Andre J. Burk. A federal indictment against Vance was handed down on Jan. 30, and he entered a plea of not guilty. The court has scheduled a trial for Aug. 5, in Williamsport.

The information varied by patient, but could have included names in combination with one or more of the following — date of birth, address, admit and discharge or transfer code, medical record number, race, gender, phone number and facility name abbreviation.

The news release said that no claims or insurance information, credit card or bank account numbers, other financial information, or Social Security numbers were inappropriately accessed by the company’s former employee.

Geisinger encourages those who have received a notice to review the information and call 855-575-8722 to address any concerns. The number can be reached between 9 a.m. and 9 p.m. Monday through Friday, Eastern Time, except for major U.S. holidays. Provide engagement number B124651.

Further, those patients whose information was involved in the incident are encouraged to review the statements they receive from their health plan and contact their health insurer immediately if they see services they did not receive.

Reach Bill O’Boyle at 570-991-6118 or on Twitter @TLBillOBoyle.