Skip to main content

Nuance Communications Data Breach Investigation

The Lyon Firm is representing data theft victims nationwide in a growing number of data security incidents that leave individuals at serious risk of identity theft and fraud. We are investigating the MOVEit attack and how it impacted Nuance Communications, as well as numerous North Carolina healthcare entities. More than 1.2 million individuals linked to Nuance may be impacted by the IT security incident. 

The number of healthcare entities impacted by the MOVEit file transfer attack has swelled as Nuance Communications now says that the hackers have stolen data belonging to at least fourteen of its North Carolina clients.

Nuance Communications is a Microsoft-owned computer software company that provides software for sharing radiology documentation between medical providers. The company recently confirmed it was part of the zero-day vulnerability in Progress Software’s MOVEit Transfer file transfer application.

What Happened?

It is now estimated that about 1,190 organizations and more than 56 million individuals worldwide have suffered data compromises caused by MOVEit attacks. This number is expected to rise.

Nuance said it uses MOVEit to exchange files with customers and business partners. Nuance was allegedly notified by Progress Software on May 31, 2023, that a previously unknown vulnerability had been identified and a software patch was provided. But Clop group hackers had already been exploited the vulnerability between May 28 and 29. The data compromised in the attack includes the following:

  • Name
  • Address
  • Email address
  • Birth date
  • Gender
  • Date(s) of service
  • Service locations
  • Practitioners’ names
  • Imaging reports
  • Diagnoses
  • Treatments provided
  • Medication dosages
  • Medical record numbers
  • Power of attorney names
  • Health insurance numbers

Which North Carolina Entities were Impacted?

Nuance says the following healthcare facilities in North Carolina were affected:

  • Atrium Health
  • Catawba Valley Medical Center
  • Charlotte Radiology
  • Duke University Health System
  • DLP Central Carolina Medical Center
  • ECU Health.
  • FirstHealth of the Carolinas
  • Mission Health System
  • Novant Health.
  • UNC Health.
  • Wake Radiology Diagnostic Imaging
  • WakeMed Health & Hospitals

About Nuance Communications

Nuance Communications is a business intelligence software company based in Burlington, Massachusetts, providing voice recognition and natural language understanding solutions to clients worldwide.

If negligent, any healthcare company could be liable for the following:

  • Not monitoring IT security systems for ongoing intrusions
  • Not ensuring that third-party vendors with access to company data employ reasonable security measures
  • Improperly training employees in handling emails containing personal health and financial data
  • Failing to follow federal regulations, policies and procedures to protect electronic data access
  • Improperly protecting against IT security threats to the integrity of stored data

Our class action privacy lawyers will determine if you are eligible to file a data breach lawsuit or join a class of existing plaintiffs. If you have received a data breach notification letter from Nuance contact our legal team to discuss your next steps.