PA Health System, Health IT Vendor Affected by Global “Petya” Ransomware Attack | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

PA Health System, Health IT Vendor Affected by Global “Petya” Ransomware Attack

June 28, 2017
by Heather Landi
| Reprints
Click To View Gallery

Heritage Valley Health Systems, based in Beaver, Pennsylvania, has confirmed that it was a victim of the global ransomware cyber attack, which some are referring to as the “Petya” ransomware virus, that hit multinational companies Tuesday, with companies across Europe, Russia and Ukraine hit especially hard, as previously reported by Healthcare Informatics.

U.S.-based drug maker Merck also was impacted by the malware incident as was Nuance Communications, a Burlington, Mass.-based technology company that provides cloud-based dictation and transcription service to hospitals and health systems.

NPR, in an online article, reports that the cyber attack has struck computers in at least 65 countries and that Microsoft says the ransomware can be traced to a Ukrainian company’s tax accounting software.

The incident at Heritage Valley affected the entire health system, including two hospitals and satellite and community locations scattered across western Pennsylvania, and the health system took its IT systems down, officials at Heritage Valley Health System stated on its website. The health system serves four Pennsylvania counties as well as parts of Ohio and West Virginia.

The health system set up a page, titled “Updates on the Cyber Security Incident at Heritage Valley Health System,” and posted at 11:35 am Tuesday, “Heritage Valley Health System has been affected by a cyber security incident. The incident is widespread and is affecting the entire health system including satellite and community locations. We have implemented downtime procedures and made operational adjustments to ensure safe patient care continues un-impeded.”

On Tuesday afternoon, the health system confirmed that the incident “has been identified as the same ransomware attack that affected a number of organizations globally. Corrective measures supplied by our antivirus software vendor have been developed and are being implemented and tested within the health system. Additionally, other restorative measures are being undertaken at this time. Heritage Valley continues to implement downtime procedures and make operational adjustments to ensure safe patient care.”

Local newspaper The Beaver County Times reported this morning that the health system was still attempting to restore it systems. The newspaper quoted Heritage Valley spokeswoman Suzanne Sakson who stated that the health system is “confident that it has identified the cause and is systematically restoring registration, clinical patient and ancillary care systems.”

Nuance Communications confirmed via its website and on Twitter that its network also had been affected by the global malware incident. On its website, the company stated, “Nuance Communications, Inc. indicated that on Tuesday, June 27, portions of its network were affected by a global malware incident, which also affected many other companies and organizations worldwide. As soon as the company became aware of the situation, it took measures to contain the incident and assess the extent of the impact on its network. Nuance has engaged leading security experts to assist in responding to the incident.”


The company also said it would provide updates about the situation via Twitter @nuanceinc.

Several hospital users alerted the media to Nuance’s network being down prior to the company’s written confirmation. According to a Nuance company fact sheet, the company’s healthcare solutions are deployed in 86 percent of all U.S. hospitals. More than 500,000 clinicians and 10,000 healthcare facilities worldwide use the company’s clinical documentation solutions.

New Jersey-based pharmaceutical company Merck was another U.S.-based company affected by the Petya cyber attack, which demanded that victims pay a ransom or have their company networks remain locked and inaccessible. According to an article in The Washington Post, Merck also has a European presence, with an office in Ukraine, where many of the ransomware attacks were concentrated.

“Merck employees arrived at their offices Tuesday morning only to find a ransomware note on their computers,” the WP article stated. Merck confirmed via Twitter Tuesday morning that “its network was compromised as part of global hack.”


Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More



Again? Shouldn't we start thinking about the root of the problem, which is the Bitcoin? If we ban it together with other e-coins like LTC or ETH, then the criminals will have far less anonymous options to get ransom from victims.

Looking forward for others views on this matter!

Emmy from

Terrible news. The worst thing about recent ransomware attacks is they are often being connected with the data encryption. Some governments have stated, that without encrypting files all this disaster wouldn't even happen, thus they'd like to make data encryption illegal, which is a major violation of our rights to freedom...

Thanks for this very important article, Heather.