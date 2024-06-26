EYEWITNESS NEWS (WBRE/WYOU) — More than 1,000,000 Geisinger health patients may have been the target of a cyber breach in November of last year.

A former nuance communications employee did have access to more than 1,000,000 Geisinger patients’ information.

28/22 News spoke with an expert in cyber hacks and learned how you can keep your information safe.

An epidemic nationwide: Cyber attacks are taking over, one occurring nearly every day.

Geisinger’s health system fell victim to a major data breach dating back to November 2023 and is just now releasing the details of the incident.

“Healthcare organizations are the number one target of attackers. And the attacker could be somebody from the outside, a criminal gang, or it could be an insider. An employee or former employee” said Cybercatch CEO Sai Huda.

In Geisinger’s case, a former employee of nuance communications, Max Vance, also known as Andre J. Burk, accessed information of more than 1,000,000 patients two days after being fired.

“This is massive because Geisinger has about 1,200,000 patients, so nearly every patient’s record this former employee of the vendor was able to access,” Huda explained.

For insiders like Vance, there’s often a financial motive for going after records that are considered valuable.

“On the dark web they can sell it for several hundred dollars, and personal health information is more valuable than just personal information like credit card or other information,” Huda continued.

Huda says this sort of information breach often occurs due to human error and being unprepared.

He says healthcare organizations like Geisinger should be proactive since they have the gold that attackers are after.

“The healthcare organizations should also do a cyber drill. It’s kind of like a fire drill, unfortunately, most don’t do that. So you know you’re gonna be attacked, so why don’t you simulate an attack?” Huda added.

A patient’s first line of defense should be themselves, beginning with asking healthcare providers what kind of security they have in place and taking precautions of their own.

“Patients have to be really sensitive. They should expect multi-factor authentication into portals when they log in, and they should use password managers and not use simple passwords like 123456, which unfortunately, over 20,000,000 people still use it,” Huda stated.

Vance has been indicted on federal charges, and as of now, there is no set date for that trial.

