Cyber Incident Victim: Geisinger Health System
Date: May 2022
Location: United States of America
Summary
Geisinger Health System experienced a data breach due to a ransomware attack on its mail service vendor, KayeSmith, which compromised patient information used for marketing and communications. The incident exposed names, addresses, medical record numbers, dates of service, and payment installment plans, though no misuse of data was reported. The vendor offered credit monitoring services to affected individuals, and Geisinger worked with the vendor to implement additional safeguards. The breach impacted 2,857 patients.
Description
In late May 2022, KayeSmith, a mail service vendor utilized by Geisinger Health System’s online billing provider VisitPay, suffered a ransomware attack that rendered its systems inaccessible. The attack disrupted marketing and communications operations for Geisinger, a Danville, PA-based healthcare organization. KayeSmith initiated a forensic investigation following the attack, which determined that unauthorized actors potentially accessed and obtained files containing patient information provided by its clients for marketing campaigns. Geisinger was notified of the potential breach in September 2022, approximately four months after the initial attack occurred. The compromised data included patient names, addresses, medical record numbers, dates of service, and details about payment installment plans.

KayeSmith conducted a risk assessment confirming the exposure of sensitive information but found no evidence of actual misuse of patient data at the time of notification. The breach impacted 2,857 Geisinger patients, as reported to the HHS Office for Civil Rights. In response, KayeSmith offered complimentary credit monitoring services to affected individuals. Geisinger collaborated with the vendor to implement additional safeguards aimed at preventing future security incidents. The healthcare system confirmed no operational disruptions to its internal systems, as the compromise was limited to data processed by the third-party vendor for billing-related communications. No identity theft or fraudulent activity linked to the breach had been reported by Geisinger or KayeSmith as of the notification period.
