A data breach at Geisinger could have affected the personal information of more than 1.2 million individuals.
A former employee at Nuance Communications, which provides information technology services to Geisinger, allegedly accessed patient data two days after being terminated, the health system said in a news release.
Related: Is cybersecurity spending too low to prevent another Change breach?
Geisinger discovered the incident and alerted Nuance on Nov. 29, 2023, but law enforcement asked Nuance to delay patient notification to avoid impeding an investigation, the June 24 release said. The former employee was arrested and is facing federal charges, according to the release.
Microsoft-owned Nuance determined the employee allegedly may have accessed information for more than 1 million Geisinger patients, the release said. A report submitted June 21 to HHS' Office for Civil Rights breach portal said 1,276,026 individuals were affected by the incident.