Cyber Attack Update: Nuance Still Down, Researchers Believe “Petya” is not Ransomware | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Cyber Attack Update: Nuance Still Down, Researchers Believe “Petya” is not Ransomware

June 29, 2017
by Heather Landi
| Reprints
Click To View Gallery

Nuance Communications, a Burlington, Mass.-based technology company that provides cloud-based dictation and transcription service to hospitals and health systems, continues to be down following the global malware incident on Tuesday that affected multinational companies in at least 65 countries.

Portions of Nuance’s network was impacted by the malware incident, which includes a significant part of its services to healthcare organizations. The company is posting updates about the situation to its website. On Wednesday, Nuance said in a web post that it is offering alternative dictation services, specifically Dragon Medical One or Dragon Medical Network Edition, for customers impacted by the transcription services outage. The company also is offering other alternative dictation services.

“In addition to Nuance Transcription services and radiology critical test results, the following solutions also are impacted: Assure, Dragon Medical Advisor, Cerner DQR, Computer Assisted Coding, Computer Assisted-CDI, CLU software development kit, and our Quality Solutions products including Quality Measures, Claims Editor, and Performance Analytics/Clinical Analytics. Today our technical teams are continuing to work on network server recovery, determining the recovery process and timing, and other client options,” the company stated.

Nuance also said it is hosting a conference call today, Thursday, June 29th at 2:00 pm EST or 6:00 pm EST to answer frequently asked questions as well as discuss an alternative transcription platform option. Healthcare customers are urged to contact their account executive, account manager, or support for dial-in information.

According to a Nuance company fact sheet, the company’s healthcare solutions are deployed in 86 percent of all U.S. hospitals. More than 500,000 clinicians and 10,000 healthcare facilities worldwide use the company’s clinical documentation solutions.

In another development, some cybersecurity researchers have announced that Petya, or NotPetya as some call it, is not a ransomware attack and said that victims should not pay the ransom as they will not be able to restore or decrypt their files. Matt Suiche founder of security firm Comae Technologies posted on SecureList saying that this version of Petya is a “disguised wiper” and not ransomware. “The goal of a wiper is to destroy and damage. The goal of ransomware is to make money. Different intent. Different motive. Different narrative. A ransomware has the ability to restore its modification such as (restoring the MBR like in the 2016 Petya, or decrypting files if the victim pays) — a wiper would simply destroy and exclude possibilities of restoration, wrote Matt Suiche with Comae Technologies.

Researchers from Kaspersky Labs also confirmed that they believe Petya is a wiper and not ransomware. “After an analysis of the encryption routine of the malware used in the Petya/ExPetr attacks, we have thought that the threat actor cannot decrypt victims’ disk, even if a payment was made. This supports the theory that this malware campaign was not designed as a ransomware attack for financial gain. Instead, it appears it was designed as a wiper pretending to be ransomware,” wrote Anton Ivanov and Orkhan Mamedov in a post on SecureList.

Further, the Kaspersky Labs researchers concluded, “That means that the attacker cannot extract any decryption information from such a randomly generated string displayed on the victim, and as a result, the victims will not be able to decrypt any of the encrypted disks using the installation ID.”

And, they wrote, “What does it mean? Well, first of all, this is the worst-case news for the victims – even if they pay the ransom they will not get their data back. Secondly, this reinforces the theory that the main goal of the ExPetr attack was not financially motivated, but destructive.”

Some services at Heritage Valley Health System, based in Beaver, Pennsylvania, continue to be hampered by the effects of Tuesday’s cyber attack. The health system announced Thursday, on its website, that all lab and diagnostic services at neighborhood and community locations would remain closed for the second consecutive day as it worked to fully rectify the issue.

The incident at Heritage Valley affected the entire health system, including two hospitals and satellite and community locations scattered across western Pennsylvania, and the health system took its IT systems down, officials at Heritage Valley Health System stated on its website. The health system serves four Pennsylvania counties as well as parts of Ohio and West Virginia.

Get the latest information on Cybersecurity and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More

Topics

News

NIH-Funded Genomic Data Center will Focus on Childhood Cancers

The NIH is spearheading a $14.8 million, five-year effort to launch a data resource center for cancer researchers around the world in order to accelerate the discovery of novel treatments for childhood tumors.

AMIA, Premier, AHA and AMA Comment on CMS’s 2018 MACRA Proposed Rule

Several healthcare and health IT organizations submitted recommendations and comments to the Centers for Medicare & Medicaid Services’ (CMS’s) 2018 proposed rule on the Quality Payment Program (QPP) established under the Medicare Access and CHIP Reauthorization Act (MACRA). Comments on the proposed rule were due today.

Hackensack Meridian Health Invests $25M in Tech Incubator

New Jersey-based Hackensack Meridian Health has teamed up with the New Jersey Innovation Institute (NJIT) to open a health incubator with a design similar to the reality show ”Shark Tank,” in which companies pitch healthcare innovation ideas to a panel of experts.

Protenus: Hacking Incidents Outweigh Insider Breaches in July

July is the first month in 2017 to have healthcare cybersecurity hacking incidents outweigh insider breaches to patient data in both frequency and number of affected patient records, according to the latest report from Protenus.

IBM, JDRF Collaborate to Apply Machine Learning to Type 1 Diabetes Research

IBM and JDRF, a global organization funding type 1 diabetes research, are collaborating to develop and apply machine learning methods to analyze years of global type 1 diabetes research data and identify factors leading to the onset of the disease children.