DANVILLE — A billing contractor's data breach has affected 2,857 Geisinger patients across the health system's service area.

According to a news release from Geisinger, Kaye-Smith, a marketing execution and supply chain vendor for VisitPay, was subject to a malware attack. After a risk assessment determined the reach of the attack, it began notifying patients on Sept. 16.

There is no evidence the information was used maliciously, but data like names, addresses, medical record numbers, dates of service and payment installment plans might have been viewed. No sensitive financial information, such as social security numbers, bank account numbers, or credit card numbers, was exposed as part of the incident, according to the release.

“The privacy of our patients and members is our highest priority, and we rigorously vet our vendors to protect that privacy,” said Jonathan Friesen, chief privacy officer at Geisinger. “There is no indication that information has been used to commit fraud, but Kaye-Smith is providing credit monitoring to patients who were affected. Even though we believe that the risk to our patients and members stemming from this incident is relatively low, we recommend that those who were affected take advantage of the credit monitoring offered by Kaye-Smith.” 

Patients and members who received notification from Kaye-Smith should use the toll-free number provided in the letter if they have questions.

— The Daily Item

Trending Video