Cyber Attack Update: Nuance Still Down, Researchers Believe “Petya” is not Ransomware | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Cyber Attack Update: Nuance Still Down, Researchers Believe “Petya” is not Ransomware

June 29, 2017
by Heather Landi
| Reprints
Click To View Gallery

Nuance Communications, a Burlington, Mass.-based technology company that provides cloud-based dictation and transcription service to hospitals and health systems, continues to be down following the global malware incident on Tuesday that affected multinational companies in at least 65 countries.

Portions of Nuance’s network was impacted by the malware incident, which includes a significant part of its services to healthcare organizations. The company is posting updates about the situation to its website. On Wednesday, Nuance said in a web post that it is offering alternative dictation services, specifically Dragon Medical One or Dragon Medical Network Edition, for customers impacted by the transcription services outage. The company also is offering other alternative dictation services.

“In addition to Nuance Transcription services and radiology critical test results, the following solutions also are impacted: Assure, Dragon Medical Advisor, Cerner DQR, Computer Assisted Coding, Computer Assisted-CDI, CLU software development kit, and our Quality Solutions products including Quality Measures, Claims Editor, and Performance Analytics/Clinical Analytics. Today our technical teams are continuing to work on network server recovery, determining the recovery process and timing, and other client options,” the company stated.

Nuance also said it is hosting a conference call today, Thursday, June 29th at 2:00 pm EST or 6:00 pm EST to answer frequently asked questions as well as discuss an alternative transcription platform option. Healthcare customers are urged to contact their account executive, account manager, or support for dial-in information.

According to a Nuance company fact sheet, the company’s healthcare solutions are deployed in 86 percent of all U.S. hospitals. More than 500,000 clinicians and 10,000 healthcare facilities worldwide use the company’s clinical documentation solutions.

In another development, some cybersecurity researchers have announced that Petya, or NotPetya as some call it, is not a ransomware attack and said that victims should not pay the ransom as they will not be able to restore or decrypt their files. Matt Suiche founder of security firm Comae Technologies posted on SecureList saying that this version of Petya is a “disguised wiper” and not ransomware. “The goal of a wiper is to destroy and damage. The goal of ransomware is to make money. Different intent. Different motive. Different narrative. A ransomware has the ability to restore its modification such as (restoring the MBR like in the 2016 Petya, or decrypting files if the victim pays) — a wiper would simply destroy and exclude possibilities of restoration, wrote Matt Suiche with Comae Technologies.

Researchers from Kaspersky Labs also confirmed that they believe Petya is a wiper and not ransomware. “After an analysis of the encryption routine of the malware used in the Petya/ExPetr attacks, we have thought that the threat actor cannot decrypt victims’ disk, even if a payment was made. This supports the theory that this malware campaign was not designed as a ransomware attack for financial gain. Instead, it appears it was designed as a wiper pretending to be ransomware,” wrote Anton Ivanov and Orkhan Mamedov in a post on SecureList.

Further, the Kaspersky Labs researchers concluded, “That means that the attacker cannot extract any decryption information from such a randomly generated string displayed on the victim, and as a result, the victims will not be able to decrypt any of the encrypted disks using the installation ID.”

And, they wrote, “What does it mean? Well, first of all, this is the worst-case news for the victims – even if they pay the ransom they will not get their data back. Secondly, this reinforces the theory that the main goal of the ExPetr attack was not financially motivated, but destructive.”

Some services at Heritage Valley Health System, based in Beaver, Pennsylvania, continue to be hampered by the effects of Tuesday’s cyber attack. The health system announced Thursday, on its website, that all lab and diagnostic services at neighborhood and community locations would remain closed for the second consecutive day as it worked to fully rectify the issue.

The incident at Heritage Valley affected the entire health system, including two hospitals and satellite and community locations scattered across western Pennsylvania, and the health system took its IT systems down, officials at Heritage Valley Health System stated on its website. The health system serves four Pennsylvania counties as well as parts of Ohio and West Virginia.

Get the latest information on Cybersecurity and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More

Topics

News

David Bates to Receive Glaser Award at UTHealth School of Biomedical Informatics

On Oct. 30, the 2017 John P. Glaser Health Informatics Innovator Award will be presented to patient safety expert David Bates, M.D.

TMCx Digital Health Accelerator Prepares for 2018 Class

TMCx, a digital health accelerator program launched in 2015 by the Texas Medical Center’s Innovation Institute, is seeking applications for its 2018 class of startups.

DoD, Leidos Roll Out MHS Genesis at Madigan Army Medical Center

Madigan Army Medical Center in Takoma, Washington is now the fourth military site to go live with the MHS Genesis electronic health record (EHR) system.

athenahealth to Cut Workforce by 9 Percent, Close Two Offices

athenahealth, the Watertown, Mass.-based electronic health record (EHR) vendor, expects to reduce its workforce by about 9 percent due to an organizational redesign that also involves the closure of two offices.

CISO Survey: End Users See Security as a Hurdle to Innovation

Traditional approaches to security are leading to frustrated users and strained relationships between workers and IT departments, according to the findings of a CISO survey. About three-fourths (74 percent) of CISOs say end users are frustrated that security disrupts productivity and 81 percent say end users see corporate security policies as a hurdle to innovation.

Michigan HIE Implementing Alerts for Social Determinants of Health

Great Lakes Health Connect (GLHC), Michigan’s health information exchange (HIE), is partnering with health IT solutions company Holon Solutions to enable alerts that address patients’ physical, mental and social determinants of health.