Cyber Attack Update: NH-ISAC Issues Petya Mitigations, Nuance Still Down, Heritage Valley Systems Restored | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Cyber Attack Update: NH-ISAC Issues Petya Mitigations, Nuance Still Down, Heritage Valley Systems Restored

July 6, 2017
by Heather Landi
| Reprints

The healthcare business of Nuance Communications, a Burlington, Mass.-based technology company, continues to be affected by the global malware incident June 27 that affected multinational companies in at least 65 countries, according to an update posted to the company’s website July 5.

In other news, Heritage Valley Health System announced July 3 that all acute, ambulatory and ancillary care services have been restored at its medical neighborhoods and satellite community locations, following a cyber security incident that impacted the entire health system June 27.

Nuance provides cloud-based dictation and transcription service to hospitals and health systems, and according to a company fact sheet, the company’s healthcare solutions are deployed in 86 percent of all U.S. hospitals. More than 500,000 clinicians and 10,000 healthcare facilities worldwide use the company’s clinical documentation solutions.

Nuance is offering alternative dictation services, specifically Dragon Medical One or Dragon Medical Network Edition, for customers impacted by the transcription services outage. The company also is offering other alternative dictation services.

Nuance stated in its July 5 update: “As previously disclosed, on June 27, certain systems within the Nuance network were affected by a global malware incident. We are working tirelessly to respond to the incident and ensure continuity for customers. As soon as we became aware of the malware, we immediately took measures to contain it and assess the extent of its effects on our network, including taking certain systems offline regardless of whether they had been impacted.  We understand that these actions and our inability to communicate with our customers and others through ordinary channels has caused significant inconvenience.”

Company officials stated that they have engaged experts in cybersecurity and forensics, “and have called upon the resources of major IT infrastructure vendors to assist us in our recovery efforts.” “We are working around the clock to restore our systems, add further security controls, and ensure our customers can resume functionality with their systems. Importantly, there is no evidence to suggest that any customer information has been removed from the network,” the company said.

Further the company stated that its healthcare business has been the most affected. “We are doing everything within our power to support our healthcare customers and provide them with the information and resources they need to provide quality patient care, including offering an alternative transcription system and additional Dragon Medical solutions.”

In another development, the National Health Information Sharing and Analysis Center (NH-ISAC) announced that it had a Petya ransomware vaccine, and also offered mitigation tactics that organizations can follow to minimize the potential risk of infection.

In an NH-ISAC Threat Intel Committee Advisory update, NH-ISAC said organizations can create a “vaccine file.”

“On execution, the known Petya samples delete themselves and perform a check to verify if this deletion is successful. If the file is still present, Petya will exit. This behavior can be turned into a protection mechanism of sorts.  If you create a vaccine file: C:\Windows\perfc and set the permissions of the file to deny write permissions to everyone, including system administrators, infection can’t succeed as Petya will be unable to copy itself over. Keep in mind that some security tools operate on very simple signatures, and it’s possible you’ll get alerts. This prevents all currently known lateral spread methods,” the organization wrote.

NH-ISAC also wrote, “Petya is a derivative of GoldenEye commodity ransomware, equipped with several self-replicating mechanisms.  The self-replicating behavior is what sets it apart from other ransomware, and it is directly responsible for widespread impact.”

The organization also provided a number of mitigation techniques, which can be found on the NH-ISAC website here.

The two-hospital Heritage Valley Health System, based in Moon Township, Pennsylvania, said in its update posted July 3 that despite the lack of access to computer systems following last Tuesday’s cyber-attack, Heritage Valley Sewickley and Heritage Valley Beaver Hospitals, Heritage Valley Medical Group, Heritage Valley Pediatrics and Tri-State Obstetrics & Gynecology physician practices, ConvenientCare walk in clinics and all other community locations remained open and operational. “The only operational interruptions were with lab and diagnostic imaging services at community locations. Those lab and diagnostic imaging services are now fully functional,” the health system stated.

“While providing care without access to computers is challenging, the physicians and employees of Heritage Valley continued to deliver safe patient care throughout this adverse situation,” Norm Mitry, president and CEO, Heritage Valley Health System, said in a prepared statement. “Through regular mock disaster drills the leadership, physicians and staff train to maintain quality care delivery in any situation. During this time we implemented downtime procedures until systems could be restored.” 

The cyber security incident was identified as the same ransomware attack that affected a number of organizations globally last Tuesday. There is no indication that Heritage Valley Health System was specifically targeted.


Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More



Geisinger National Precision Health Hires Illumina Exec to Lead Business Development

Integrated health system Geisinger has hired a high-profile genetic counselor to head up business development for Geisinger National Precision Health, which was created to extend the Geisinger model on the national scene.

$30M VC Fund Launched to Spur Innovation in Cardiovascular Care

The American Heart Association, together with Philips and UPMC, has announced the launch of Cardeation Capital, a $30 million collaborative venture capital fund designed to spur healthcare innovation in heart disease and stroke care.

Epic Wins Labor Dispute in Closely Divided Supreme Court Decision

Epic Systems Corporation won a major labor-law ruling in the Supreme Court on Monday, centering around the extent of corporations’ right to force employees to sign arbitration agreements, and with a 5-4 ruling in its favor

Survey: Two-Thirds of Physician Practices Seeking Out Value-Based Care Consulting Firms

Most physician organizations are not prepared for the move to value-based care, and 95 percent CIOs of group practices and large clinics state they do not have the information technology or staff in-house needed to transform value-based care end-to-end, according to a recent Black Book Market Research.

Cumberland Consulting Buys LinkEHR, Provider of Epic Help Desk Services

Cumberland Consulting Group, a healthcare consulting and services firm, has acquired LinkEHR, which provides remote application support, including Epic help desk services.

Population Health Tool that Provides City-Level Data Expands to 500 Cities

A data visualization tool that helps city officials understand the health status of their population, called the City Health Dashboard, has now expanded to 500 of the largest cities in the U.S., enabling local leaders to identify and take action around the most pressing health needs in their cities and communities.