Healthcare Information Security

Cybersecurity News

Nuance Restores 75% of Clients After NotPetya Malware Attack

Nuance announced that it is working on its recovery following the NotPetya malware attack, which affected portions of the organization’s network.

Nuance is almost fully recovered from its NotPetya malware attack in June.

Source: Thinkstock

By Elizabeth Snell

- Massachusetts-based Nuance Communications, Inc. stated that it has restored 75 percent of its clients following the NotPetya malware attack it experienced last month.

Nuance Healthcare, which offers a transcription platform used by medical professionals, said its flagship eScription LH platform has almost been returned to all customers. The 75 percent mark accounts for approximately 90 percent of the total annualized volume of lines that are transcribed on the eScription LH platform, the company said in a statement.

Nuance Healthcare Division Executive Vice President and General Manager Satish Maripuri explained that the restoration is nearly complete.

“Since the incident occurred, our top priority has been to bring our clients back on-line and support them in their mission of providing quality services to their patients,” Maripuri stated.

BayCare Health System Chief Information Officer and Senior Vice President Tim Thompson said that Nuance had been a “great partner” throughout the difficult situation.

“We appreciated their efforts to keep us informed about their progress and they worked with us to give us the confidence we needed in their security infrastructure,” Thompson noted. “We are now fully functional and all of our doctors are back to dictating.”

Nuance previously announced on June 28, 2017 that it had been impacted by a malware incident that had also affected numerous organizations around the globe.

“Portions of [Nuance’s] network were affected by a global malware incident, which also affected many other companies and organizations worldwide,” Nuance explained. “As soon as the company became aware of the situation, it took measures to contain the incident and assess the extent of the impact on its network.”

“Nuance has engaged leading security experts to assist in responding to the incident.” 

In the most recent announcement, Nuance maintained that service has been fully restored since July 3 for the entire client base of the eScription RH and Clinic 360 solutions residing on the cloud-based Emdat platform.

“All clients of Nuance’s Critical Test Results Management application, which is part of the radiology workflow, were reactivated on July 16,” the company stated. “Nuance is providing cloud-based options for a sub-set of the client base that were on older iChart and BeyondText transcription platforms. No Nuance customer data has been altered, lost or removed by the malware.”

Nuance added that its PowerScribe and Dragon Medical One solutions were not impacted by the NotPetya malware incident and have remained available to customers.

The NotPetya attacks were different from the previous Petya ransomware strain in that it was modified to include worm functionality. Petya ransomware took advantage of unpatched and outdated systems, and would encrypt the master boot records of infected Windows computers, according to US-CERT.

“The Petya variant is a self-propagating worm that can laterally move through an infected network by harvesting credentials and active sessions on the network, exploiting previously identified SMB vulnerabilities, and using legitimate tools such as the Windows Management Instrumentation Command-line (WMIC) tool and the PsExec network management tool,” Industrial Control Systems (ICS)-CERT stated on its website.

An affected system will then scan the local network for additional systems to infect. The strain will then encrypt files and overwrite the Master Boot Record or wipe parts of the disk drive.

ICS-CERT recommended that users apply the MS17-010 Microsoft patch to help minimize the risk associated with Petya malware and its numerous strains. Organizations should also disable SMBv1 on every system connected to the network and block all traffic on Port 139/TCP and 445/TCP to prevent propagation.

The following steps were also recommended:

  • Review network traffic to confirm that there is no unexpected SMBv1 network traffic
  • Isolate or protect vulnerable embedded systems that cannot be patched from potential network exploitation
  • Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet
  • Locate control system networks and devices behind firewalls, and isolate them from the business network.

“ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to taking defensive measures,” the agency stated. “ICS-CERT also provides a control systems recommended practices page on the ICS-CERT web site.”


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks

Continue to site...