Dedicated to providing the latest
HIPAA compliance news

NotPetya Attack Continues to Disrupt Nuance Communications’ Services

Share this article on:

In late June, Nuance Communications, a provider of healthcare solutions and transcription services, was one of many organizations around the globe to have systems taken out of action by NotPetya ransomware.

While most ransomware attacks are conducted with the intention of obtaining ransom payments in exchange for the keys to unlock data, NotPetya was different. The aim was sabotage. Infection resulted in permanent encryption of master file tables, preventing infected computers from locating stored data. Data recovery was not possible even if the ransom demand was paid.

The attacks caused permanent damage at many organizations requiring the replacement of hardware and substantial portions of affected networks. Nuance Communications was no different.

Following the attack, Nuance Communications brought in external security experts to contain the infection and determine the extent of the attack. However, not in time to prevent widespread damage. Systems were taken out of action preventing hundreds of hospitals from using its services.

Premier Health was one of many hospital systems forced to switch transcription service providers. Boston’s Beth Israel Deaconess Medical Center was also impacted and has been prevented from using Nuance’s eScription service. University of Pittsburgh Medical Center was similarly affected and still cannot use the company’s transcription service.

It took Nuance Communications until July 3 to bring its eScription RH and Clinic 360 clients back online on the Emdat platform, and until July 5 to bring its eScription LH platform back online.  By July 11, almost 200 hospitals had started using its eScription LH platform again, although some company services continue to be disrupted.

Nuance Communications spokesperson Richard Mack announced yesterday that “We are doing everything within our power to support our health-care customers and provide them with the information and resources they need to provide quality patient care, including offering an alternative system and solutions.”

In addition to fixing its systems and working hard to bring customers back online, the company has been improving its security to prevent future attacks.

Even though most systems are now back online, it may be difficult to convince hospitals to return. Many have since switched to other service providers as a result of the attack and loss of its services. Many are unlikely to return. That is likely to make a serious dent in its Q3 profits at the very least. At present, the company’s share price has fallen 6% since the attack.

Author: HIPAA Journal

HIPAA Journal provides the most comprehensive coverage of HIPAA news anywhere online, in addition to independent advice about HIPAA compliance and the best practices to adopt to avoid data breaches, HIPAA violations and regulatory fines.

Share This Post On