Last updated 1 month ago
Geisinger Health, a healthcare provider, experienced a breach affecting 1.2 million patient records. The breach was publicly disclosed in February 2026, with the organization detecting unauthorized access to protected health information. The incident involved a former employee of Nuance Communications, a business associate that provided services to Geisinger.
The breach occurred when Max Vance, also known as Andre J. Burk, retained access to Geisinger patient data after his employment termination at Nuance Communications. The former employee exploited his continued system access to exfiltrate patient records from Geisinger's systems. Geisinger's security monitoring detected the unauthorized access and promptly notified Nuance Communications about the breach.
The former employee has admitted to breaching the patient records, confirming the insider threat vector. The breach involved a business associate relationship where access control failures allowed terminated personnel to maintain system access. Geisinger's detection and notification processes functioned as designed, leading to the identification of the unauthorized activity.
Former employee of business associate retained unauthorized access to patient data after termination
This breach demonstrates critical access control failures in third-party vendor management, where terminated employees retained system access to sensitive healthcare data. Healthcare organizations must implement immediate access revocation procedures for all business associate personnel upon employment termination. The incident highlights the need for continuous monitoring of third-party access patterns, particularly for former employees who may exploit residual credentials or system permissions.
Sign in to join the discussion.
Company
Industry
Location
Disclosed
Records Affected
Attack Vector
Threat Actor
Continent
Country
Industry
Attack Vector
Threat Actor