Geisinger attributes breach to Microsoft subsidiary

Pennsylvania-based healthcare provider Geisinger has passed culpability on a November breach that may have compromised information from over a million of its patients to Microsoft-owned speech recognition firm Nuance Communications after failing to revoke corporate file access from a terminated employee who exfiltrated the health provider's data days after being fired, according to The Register.

Data stolen by the former Nuance employee, who has since been arrested and indicted, include demographic information, birthdates, addresses, hospital records, and other medical details, said Geisinger, which noted that Nuance had immediately cut off unauthorized access after being notified on Nov. 29. "We continue to work closely with the authorities on this investigation, and while I am grateful that the perpetrator was caught and is now facing federal charges," said Geisinger Chief Privacy Officer Jonathan Friesen. Such a development comes more than six years after another former Nuance employee was reported to be implicated in the breach of San Francisco's Department of Public Health.