Geisinger Health Foundation, Nuance Communications Hit with Data Breach Lawsuit Over Nov. 2023 Intrusion

New to ClassAction.org? Read our Newswire Disclaimer

Geisinger Health Foundation and IT vendor Nuance Communications face a proposed class action lawsuit over a November 2023 data breach that reportedly impacted more than one million patients.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.

The 32-page Geisinger Health Foundation data breach lawsuit relays that the Danville, Pennsylvania-based regional healthcare provider discovered on or around November 29 of last year that a former Nuance Communications employee had accessed certain patient information two days after they had been terminated. Upon investigation, Nuance, a Burlington, Massachusetts-based software technology vendor, determined that more than one million Geisinger Health patients were affected by the unauthorized intrusion, the filing states.

The proposed class action accuses Geisinger Health and Nuance of maintaining inadequate cybersecurity and failing to prevent the data breach despite having the financial resources and personnel to do so.

“The sensitive nature of the data exposed through the Data Breach signifies that Plaintiff and Class Members have suffered irreparable harm,” the complaint reads. “Plaintiff and Class Members have lost the ability to control their private information and are subject to an increased risk of identity theft.”

Per the case, Nuance, on behalf of Geisinger Health, began to send data breach notices to victims on June 21, 2024. The Nuance and Geisinger Health data breach notice states that law enforcement, contacted by the defendants in the wake of the intrusion, asked Nuance to “delay notifying patients of this incident until now,” and that the former employee allegedly responsible for the breach “has been arrested and is facing federal charges.”

The companies stated that the sensitive information compromised in the Geisinger Health Foundation data breach could have included patient names; dates of birth; addresses; admit, discharge or transfer codes; medical record numbers; race and gender.

The defendants have stated that no claims or insurance details, credit card or bank account numbers, other financial information, or Social Security numbers were inappropriately accessed.

The lawsuit contends that the defendants knew or should have known that the sensitive patient information in their care would be a target for cyberattacks and that the data is protected by law.

The Geisinger Health data breach class action lawsuit looks to cover all individuals in the United States whose personal information was compromised in the November 2023 data breach publicly announced by Nuance Communications in June 2024.

Are you owed unclaimed settlement money? Check out our class action rebates page full of open class action settlements.