Microsoft takes a hit on another cybersecurity crisis

Share post:

American healthcare provider Geisinger has revealed that over a million of its patient records may have been stolen, with the breach attributed to a former employee of Nuance Communications, a Microsoft subsidiary.

The security breach, discovered in November, occurred after Nuance terminated an employee who allegedly retained access to corporate files for two additional days. During this period, the ex-employee is suspected of accessing and copying sensitive records from Geisinger, which operates 13 hospitals and has over 600,000 members.

The stolen data includes personal information such as birth dates, addresses, hospital admission and discharge records, and other medical data. Fortunately, no financial or insurance information was compromised.

Geisinger notified Nuance immediately upon discovering the breach on November 29, prompting the IT provider to cut off the former employee’s access and alert law enforcement. Authorities requested a delay in notifying patients to avoid impeding their investigation. The ex-employee has since been arrested and faces federal charges, although specific charges have not been disclosed.

Jonathan Friesen, Geisinger’s chief privacy officer, expressed regret over the incident: “We continue to work closely with the authorities on this investigation, and while I am grateful that the perpetrator was caught and is now facing federal charges, I am sorry that this happened.”

This isn’t the first time Nuance has faced criticism for security lapses. In 2018, a similar incident occurred when a former Nuance employee accessed patient information at San Francisco’s Department of Public Health.

Microsoft, which acquired Nuance three years ago, has also been scrutinized for its security practices. Recent breaches involving Exchange Online and cloud-based email accounts of US officials have raised concerns about Microsoft’s cybersecurity measures. AJ Grotto, a former White House cyber policy director, even labeled Microsoft a national security threat due to these recurring issues.

In response to the Geisinger incident, a Microsoft spokesperson stated: “We are cooperating with law enforcement and doing what is necessary to support our customer.”

As investigations continue, this incident underscores the critical need for stringent security protocols, especially when handling sensitive healthcare data. Ensuring that terminated employees are immediately cut off from access to corporate systems is a fundamental step in protecting against data breaches.

 

SUBSCRIBE NOW

Related articles

Amazon reviews losing trust as number of fake reviews are uncovered

Amazon's customer review system, once trusted for its verified buyer opinions, is increasingly under scrutiny as more and...

Apple Vision Pro U.S. sales plummet

Apple's Vision Pro headset, priced at $3,500, is experiencing a significant drop in U.S. sales. Market analysts report...

Security research team claims to have helped avert a major supply chain attack

JFrog Security Research team continuously scans public repositories such as Docker Hub, NPM, and PyPI to identify malicious...

Phishing attacks on state and local governments surge by 360%

Phishing attacks targeting state and local governments have surged by 360% between May 2023 and May 2024, according...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways