Nuance Communications Settles MOVEit Lawsuit for $8.5 Million
A District Court judge has recently given preliminary approval of an $8.5 million settlement to resolve a consolidated class action complaint against the HIPAA business associate Nuance Communications over a May 2023 data breach.
Nuance Communications is a Microsoft-owned computer software company based in Burlington, Massachusetts. The company provides speech recognition solutions and is a vendor to the healthcare industry. Its AI-powered healthcare software solutions are used by physicians and radiologists to deliver personalized and connected experiences to improve care management.
Nuance used Progress Software’s MOVEit Transfer software solution for file transfers. In May 2023, a hacking group known to target file transfer solutions found and exploited a zero-day vulnerability that allowed access to data stored within the MOVEit environment. Nuance has previously confirmed that 13 of its healthcare provider clients were affected. The breached data included names, addresses, email addresses, birth dates, and information related to health records and health insurance. Nuance said 1,225,054 individuals were affected. In total, the breach involved unauthorized access to the personal data of approximately 93 million individuals.
Many class action lawsuits were filed in relation to the MOVEIt data breach, six of which were filed against Nuance Communications and were consolidated into a single complaint – In Re: MOVEit Customer Data Security Breach Litigation – as the lawsuits had overlapping claims. The lawsuits alleged that Nuance Communications was negligent by failing to implement appropriate safeguards to ensure all data within the MOVEit system was protected against unauthorized access.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Nuance denies liability for all claims and maintains that there was no wrongdoing, has not violated anyone’s privacy, nor breached any contract; however, it chose to settle the litigation. Under the terms of the settlement, Nuance has agreed to create an $8.5 million settlement fund to cover attorneys’ fees (up to $2,833,333.33), attorneys’ expenses, settlement administration and notice costs ($550,000), and class representative awards ($2,500 per named plaintiff). After those costs have been deducted from the settlement, the remainder will be used to pay for benefits to class members.
Under the terms of the settlement, class members may submit a claim for reimbursement of out-of-pocket expenses and losses linked to the data breach. Claims may be submitted for ordinary losses up to a maximum of $2,500 per class member, and up to $10,000 for reimbursement of extraordinary losses. Claims for losses can include up to 4 hours of lost time at $25 per hour.
Alternatively, class members may submit a claim for a cash payment, which is expected to be appropriately $100 per class member, although it is subject to a pro rata adjustment depending on the number of claims received. All class members are entitled to claim 2 years of credit monitoring and identity theft protection, and insurance services.
The Honorable Allision D. Burroughs of the U.S. District Court for the District of Massachusetts has recently given preliminary approval of the settlement, and the final approval hearing is scheduled for March 18, 2026. Individuals wishing to object to or exclude themselves from the settlement must do so by November 24, 2025, and the deadline for submitting claims is 30 days later. More than 100 other lawsuits filed over the MOVEit data breach are pending. Some of the other affected companies have already announced settlements.
