Facepalm: When it comes to digital data management and user privacy, disgruntled former employees can become a threat for a number of reasons. Such an incident occurred in November 2023, with Microsoft indirectly involved as the owner of the biometrics company used by a major healthcare provider.
Geisinger Health, one of the leading healthcare providers in the US, suffered a troublesome security breach after a former Nuance employee accessed patient data without authorization. Sensitive information on hundreds of thousands of people may have been stolen, though the extent of the misuse is unclear currently.
Nuance, a voice recognition company acquired by Microsoft in 2021 for $19.7 billion, provides IT services to Geisinger, which operates 13 hospitals and serves over 600,000 commercial and government members. The security incident occurred in November, and Geisinger was immediately informed by Nuance about the improper access by the former staffer.
Both companies launched investigations and were required by US law enforcement agencies to delay notifying affected patients until now. Nuance's investigation confirmed that the former worker "may have accessed and taken information" related to more than one million patients served by Geisinger.
Stolen data varied by patient but could have included names, dates of birth, addresses, medical record numbers, race, gender, phone numbers, and more, Geisinger confirmed. No insurance, credit card, bank account, or other financial information was "inappropriately accessed," the company stated.
Nuance removed the former employee from its systems soon after discovering the breach, and the individual has since been arrested by federal authorities. Geisinger's chief privacy officer, Jonathan Friesen, emphasized that patient privacy is the company's "top priority," and Geisinger is working closely with authorities to complete the ongoing investigation.
Nuance has previously faced accusations of improperly managing access that former employees may still have. Since becoming part of Microsoft three years ago, Nuance's security issues now direct affect its parent company. CEO Satya Nadella recently stated that operational security is a top priority for the company.