HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

NotPetya Attack Continues to Disrupt Nuance Communications’ Services

In late June, Nuance Communications, a provider of healthcare solutions and transcription services, was one of many organizations around the globe to have systems taken out of action by NotPetya ransomware.

While most ransomware attacks are conducted with the intention of obtaining ransom payments in exchange for the keys to unlock data, NotPetya was different. The aim was sabotage. Infection resulted in permanent encryption of master file tables, preventing infected computers from locating stored data. Data recovery was not possible even if the ransom demand was paid.

The attacks caused permanent damage at many organizations requiring the replacement of hardware and substantial portions of affected networks. Nuance Communications was no different.

Following the attack, Nuance Communications brought in external security experts to contain the infection and determine the extent of the attack. However, not in time to prevent widespread damage. Systems were taken out of action preventing hundreds of hospitals from using its services.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

Premier Health was one of many hospital systems forced to switch transcription service providers. Boston’s Beth Israel Deaconess Medical Center was also impacted and has been prevented from using Nuance’s eScription service. University of Pittsburgh Medical Center was similarly affected and still cannot use the company’s transcription service.

It took Nuance Communications until July 3 to bring its eScription RH and Clinic 360 clients back online on the Emdat platform, and until July 5 to bring its eScription LH platform back online.  By July 11, almost 200 hospitals had started using its eScription LH platform again, although some company services continue to be disrupted.

Nuance Communications spokesperson Richard Mack announced yesterday that “We are doing everything within our power to support our health-care customers and provide them with the information and resources they need to provide quality patient care, including offering an alternative system and solutions.”

In addition to fixing its systems and working hard to bring customers back online, the company has been improving its security to prevent future attacks.

Even though most systems are now back online, it may be difficult to convince hospitals to return. Many have since switched to other service providers as a result of the attack and loss of its services. Many are unlikely to return. That is likely to make a serious dent in its Q3 profits at the very least. At present, the company’s share price has fallen 6% since the attack.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.