Nuance Communications Data Breach Investigation
The Lyon Firm is representing data theft victims nationwide in a growing number of data security incidents that leave individuals at serious risk of identity theft and fraud. We are investigating the MOVEit attack and how it impacted Nuance Communications, as well as numerous North Carolina healthcare entities. More than 1.2 million individuals linked to Nuance may be impacted by the IT security incident.
The number of healthcare entities impacted by the MOVEit file transfer attack has swelled as Nuance Communications now says that the hackers have stolen data belonging to at least fourteen of its North Carolina clients.
Nuance Communications is a Microsoft-owned computer software company that provides software for sharing radiology documentation between medical providers. The company recently confirmed it was part of the zero-day vulnerability in Progress Software’s MOVEit Transfer file transfer application. Though a patch by Progress was available within days, the damage had already been done.
Join the MOVEit & Nuance Class Action Lawsuit
The Lyon Firm has filed a lawsuit against Progress Software, the parent company that operates the MOVEit software that was hacked. Plaintiffs have also named several other defendants in the complaint, including Nuance Communications. It is not too late to join the class action. Call now to learn if you qualify for possible compensation.
What Happened at Nuance?
On September 15, 2023 Nuance filed with the Attorney General of California that it was a victim of a data breach involving a vulnerability in Progress Software’s MOVEit managed file transfer platform. They were certainly not alone in this mess, however, the company was quite late in discovering the data leak.
It is now estimated that about 2,600 organizations and more than 94 million individuals worldwide have suffered data compromises caused by MOVEit attacks. This number is expected to rise.
Nuance said it uses MOVEit to exchange files with customers and business partners. Nuance was allegedly notified by Progress Software on May 31, 2023, that a previously unknown vulnerability had been identified and a software patch was provided. But Clop group hackers had already been exploited the vulnerability between May 28 and 29. The data compromised in the attack includes the following:
- Name
- Address
- Email address
- Birth date
- Gender
- Date(s) of service
- Service locations
- Practitioners’ names
- Imaging reports
- Diagnoses
- Treatments provided
- Medication dosages
- Medical record numbers
- Power of attorney names
- Health insurance numbers
Which Healthcare Entities were Impacted?
Healthcare facilities have been a prime target for hackers in recent years, largely because of the large amount of valuable data hospitals store on their networks. Healthcare companies have struggled to keep up with cybercriminals, and the security lags have often resulted in data breach incidents that impact millions of American consumers. Experts say there is really only one way to improve IT security, and that is to invest heavily in cybersecurity measures, something many organizations have failed to do.
Nuance says the following healthcare facilities in North Carolina were affected:
- Atrium Health
- Catawba Valley Medical Center
- Charlotte Radiology
- Duke University Health System
- DLP Central Carolina Medical Center
- ECU Health.
- FirstHealth of the Carolinas
- Mission Health System
- Novant Health.
- UNC Health.
- Wake Radiology Diagnostic Imaging
- WakeMed Health & Hospitals
More About Nuance Communications
Nuance Communications is a business intelligence software company based in Burlington, Massachusetts, providing voice recognition and natural language understanding solutions to clients worldwide. Nuance was acquired by Microsoft in 2021 for nearly $20 billion and offers speech recognition and natural language processing technologies that can help reduce provider administrative burden and improve the flow of healthcare data exchanges.
This isn’t the first instance of cyberattacks for the company. In 2017, Nuance was one of the companies hit by Petya/NotPetya malware attacks, which were masked as ransomware, but were meant to disrupt and destroy data.
If negligent, any healthcare company could be liable for the following:
- Not monitoring IT security systems for ongoing intrusions
- Not ensuring that third-party vendors with access to company data employ reasonable security measures
- Improperly training employees in handling emails containing personal health and financial data
- Failing to follow federal regulations, policies and procedures to protect electronic data access
- Improperly protecting against IT security threats to the integrity of stored data
Our class action privacy lawyers will determine if you are eligible to file a data breach lawsuit or join a class of existing plaintiffs. If you have received a data breach notification letter from Nuance contact our legal team to discuss your next steps.