Geisinger Health, Nuance reach $5M settlement over data breach

A Pennsylvania district court has granted preliminary approval of a $5 million settlement to resolve a class action lawsuit filed against Geisinger Health and Nuance Communications. The lawsuit stemmed from a 2023 data breach that impacted more than 1 million individuals.

Nuance, which was acquired by Microsoft in 2022, is an information technology company that focuses on conversational AI and speech recognition software.

In November 2023, Geisinger discovered that a former Nuance employee had accessed and potentially obtained information pertaining to patients, including names, dates of birth, addresses, medical record numbers, race, gender, phone numbers, admit and discharge codes and facility name abbreviations.

The employee was terminated from Nuance just two days before this incident occurred.

Law enforcement asked Nuance and Geisinger to delay notifying patients of the breach while a federal investigation was underway. Nuance later sent notifications to impacted patients on behalf of Geisinger.

In July 2024, several lawsuits filed against Geisinger and Nuance were consolidated into a class action complaint.

The former Nuance employee was arrested and is now facing criminal charges. The breach highlighted the risk of insider threats in healthcare.

A final approval hearing is scheduled for March 16, 2026, and individuals impacted by the breach will have until March 18, 2026, to submit claims.

Jill McKeon has covered healthcare cybersecurity and privacy news since 2021.