Geisinger Health System

Geisinger Health System is a healthcare organization based in the United States of America. It operates facilities providing medical services to patients, including Geisinger Berwick. The organization handles sensitive patient information as part of its healthcare delivery operations. Geisinger has experienced significant cybersecurity incidents impacting patient data security.

In May 2022, Geisinger Health System suffered a data breach stemming from a ransomware attack targeting its mail service vendor, KayeSmith. This incident compromised marketing and communications data for 2,857 patients. Exposed information included patient names, addresses, medical record numbers, dates of service, and details of payment installment plans. While no misuse of the data was reported, the vendor offered affected individuals credit monitoring services. Geisinger collaborated with the vendor to implement additional safeguards following the breach. Earlier, in June 2019, Geisinger Berwick terminated an employee discovered to have improperly accessed patient records over approximately one year. An internal report prompted an investigation revealing unauthorized access affecting over 700 individuals. The compromised data included names, dates of birth, Social Security numbers, medical conditions, treatment details, and contact information. Although no evidence indicated malicious intent or data retention by the employee, Geisinger Berwick offered complimentary identity theft protection to those affected.