Cyber Incident Victim: Geisinger Health System
Date:
Jun 2019
Location:
United States of America
Summary
A healthcare provider experienced unauthorized access to patient records by an employee over approximately one year, affecting more than 700 individuals. The incident was reported internally by another staff member, prompting an investigation that confirmed improper access without valid business justification, though no evidence indicated malicious intent or data retention. Exposed information included names, dates of birth, Social Security numbers, medical conditions, treatment details, and contact information. The employee responsible was terminated, and the organization offered affected individuals complimentary identity theft protection services.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On June 3, 2020, Geisinger's Privacy Office received an internal report from a workforce member regarding suspected unauthorized access to patient records by an employee at Geisinger Clinic Berwick. The organization immediately initiated an investigation into the employee's activities. The inquiry revealed the employee had improperly accessed protected health information (PHI) of over 700 patients between June 2019 and June 3, 2020, despite having legitimate access privileges for their regular job duties. Investigators determined the accesses occurred without valid business justification, though no evidence indicated malicious intent or financial fraud motives. The compromised data included names, dates of birth, medical record numbers, Social Security numbers, addresses, phone numbers, medical conditions, diagnoses, medications, treatment details, and clinical notes. Network activity analysis confirmed the employee did not retain or remove any information from Geisinger's systems. The investigation concluded on September 8, 2020, resulting in the employee's termination from the organization.
Geisinger began notifying affected patients following the investigation's completion, disclosing the unauthorized access timeframe and types of exposed data. The health system offered impacted individuals one year of complimentary credit monitoring and identity theft protection services, with enrollment instructions included in notification letters. A dedicated toll-free helpline (844-929-2293) operated weekdays from 9 a.m. to 6:30 p.m. Eastern Time was established for patient inquiries. Chief Privacy Officer Jonathan Friesen emphasized Geisinger's commitment to privacy safeguards while acknowledging the incident's detection relied on employee reporting. The organization implemented no confirmed technical or procedural changes beyond existing protocols, maintaining standard practices for workforce access to medical records as part of routine responsibilities. No regulatory actions or legal consequences were reported in connection with the breach.