A recent court filing reveals a significant data breach involving sensitive patient information, raising concerns about the security practices of two major healthcare-related companies. The complaint was filed by Ruth Albright on July 16, 2024, in the United States District Court for the Middle District of Pennsylvania against Geisinger Health and Nuance Communications, Inc.
According to the lawsuit, Geisinger Health and Nuance Communications failed to adequately secure and safeguard protected health information (PHI) and personally identifiable information (PII) of approximately one million patients. This breach allegedly exposed names, addresses, phone numbers, dates of birth, Social Security numbers, health insurance details, and clinical information. The breach was discovered by Geisinger on November 29, 2023, but affected individuals were not informed until June 24, 2024. The plaintiff claims that a former employee of Nuance accessed and acquired this sensitive data.
The lawsuit highlights several critical points: as entities handling sensitive patient data, both defendants had a duty to protect this information from unauthorized access. The failure to do so has resulted in substantial harm to the affected individuals. "The exposure of patients' PHI and PII to unauthorized persons—especially hackers with nefarious intentions—will result in harm," states the complaint. It also mentions that mitigating such risks requires significant time and money for individuals to monitor their credit and financial accounts continuously.
Albright accuses Geisinger Health and Nuance Communications of negligence, breach of fiduciary duty, breach of confidence, breach of implied contract, unjust enrichment, and violation of privacy policies. She argues that these companies did not adhere to their own privacy policies or industry standards for data protection. The complaint further alleges that the defendants failed to detect the breach promptly or take adequate measures to prevent it.
The plaintiffs are seeking various forms of relief from the court. They demand actual and punitive damages along with attorneys' fees and costs. Additionally, they seek injunctive relief requiring the defendants to disclose fully the nature of the data breach and implement improved data security practices. They also request lifetime identity theft protection services for all impacted victims at no cost.
Representing Ruth Albright are attorneys from various law firms specializing in class action lawsuits. The case is presided over by Judge Matthew W. Brann under Case ID 4:24-CV-1174-MWB.