Geisinger Details

    Geisinger

    Danville, Pennsylvania • 24000 employees • Healthcare

    https://www.geisinger.org/

    Industry

    Healthcare

    Security Incidents

    1

    Geisinger is a regional healthcare provider serving central, south-central, and northeastern Pennsylvania. Established in 1915 by Abigail Geisinger, it originated with the founding of the Geisinger Medical Center in Danville, Pennsylvania. Geisinger is known for its innovative use of electronic health records and its commitment to personalized medicine, which includes the Geisinger Health Plan and other healthcare-related services. The organization has been a leader in integrating advanced care management and fostering an environment conducive to clinical research and education.

    Notably, Geis...

    Security Incidents

    Geisinger Breach of Nov 2023
    Severity Score
    Significant to High

    Type

    3rd Party Compromise

    Summary

    In November, Geisinger, a major healthcare provider, experienced a data breach affecting potentially over a million patients. The breach was linked to a former employee of Nuance Communications, terminated earlier, who accessed and exfiltrated sensitive patient data, including birth dates, addresses, hospital records, and other medical details, though no financial data was compromised. Geisinger discovered the breach on November 29 and immediately notified Nuance, which then blocked access and involved law enforcement. Notification to affected patients was delayed to avoid compromising the ong...

    Severity

    The Geisinger cybersecurity breach involved the unauthorized access and potential theft of sensitive data for over a million patients by a former employee of Nuance Communications, a Microsoft subsidiary. The compromised information included birth dates, addresses, demographic details, and medical data, although financial data was not accessed. While Nuance quickly severed the ex-employee's access and involved law enforcement, the incident underscores significant lapses in internal security controls and termination procedures. Given the scale of the data exposure, the involvement of highly per...

    Impact

    The incident at Geisinger, facilitated by an ex-employee of Microsoft-owned Nuance Communications, resulted in a significant data breach affecting over a million patients. Sensitive patient data, including birth dates, addresses, demographic information, and medical records, were potentially accessed and stolen, though financial details such as insurance information were not compromised. While no Geisinger systems or services were taken offline, the breach exposes critical internal data and highlights gaps in access control and termination processes within Nuance. The data exfiltration undersc...