Cyber Attack Update: Nuance Still Down, Researchers Believe “Petya” is not Ransomware | Healthcare Informatics Magazine | Health IT | Information Technology

Cyber Attack Update: Nuance Still Down, Researchers Believe “Petya” is not Ransomware

June 29, 2017
by Heather Landi

Nuance Communications, a Burlington, Mass.-based technology company that provides cloud-based dictation and transcription services to hospitals and health systems, continues to be down following the global malware incident on Tuesday that affected multinational companies in at least 65 countries.

Portions of Nuance’s network were impacted by the malware incident, including a significant part of its services to healthcare organizations. The company is posting updates about the situation to its website. On Wednesday, Nuance said in a web post that it is offering alternative dictation services, specifically Dragon Medical One or Dragon Medical Network Edition, for customers impacted by the transcription services outage. The company also is offering other alternative dictation services.

“In addition to Nuance Transcription services and radiology critical test results, the following solutions also are impacted: Assure, Dragon Medical Advisor, Cerner DQR, Computer Assisted Coding, Computer Assisted-CDI, CLU software development kit, and our Quality Solutions products including Quality Measures, Claims Editor, and Performance Analytics/Clinical Analytics. Today our technical teams are continuing to work on network server recovery, determining the recovery process and timing, and other client options,” the company stated.

Nuance also said it is hosting a conference call today, Thursday, June 29th at 2:00 pm EST or 6:00 pm EST to answer frequently asked questions as well as discuss an alternative transcription platform option. Healthcare customers are urged to contact their account executive, account manager, or support for dial-in information.

According to a Nuance company fact sheet, the company’s healthcare solutions are deployed in 86 percent of all U.S. hospitals. More than 500,000 clinicians and 10,000 healthcare facilities worldwide use the company’s clinical documentation solutions.

In another development, some cybersecurity researchers have announced that Petya, or NotPetya as some call it, is not a ransomware attack and said that victims should not pay the ransom, as they will not be able to restore or decrypt their files. Matt Suiche, founder of security firm Comae Technologies, posted on SecureList saying that this version of Petya is a “disguised wiper” and not ransomware. “The goal of a wiper is to destroy and damage. The goal of ransomware is to make money. Different intent. Different motive. Different narrative. A ransomware has the ability to restore its modification such as (restoring the MBR like in the 2016 Petya, or decrypting files if the victim pays) — a wiper would simply destroy and exclude possibilities of restoration,” wrote Suiche.

Researchers from Kaspersky Labs also confirmed that they believe Petya is a wiper and not ransomware. “After an analysis of the encryption routine of the malware used in the Petya/ExPetr attacks, we have thought that the threat actor cannot decrypt victims’ disk, even if a payment was made. This supports the theory that this malware campaign was not designed as a ransomware attack for financial gain. Instead, it appears it was designed as a wiper pretending to be ransomware,” wrote Anton Ivanov and Orkhan Mamedov in a post on SecureList.

Further, the Kaspersky Labs researchers concluded, “That means that the attacker cannot extract any decryption information from such a randomly generated string displayed on the victim, and as a result, the victims will not be able to decrypt any of the encrypted disks using the installation ID.”

And, they wrote, “What does it mean? Well, first of all, this is the worst-case news for the victims – even if they pay the ransom they will not get their data back. Secondly, this reinforces the theory that the main goal of the ExPetr attack was not financially motivated, but destructive.”

Some services at Heritage Valley Health System, based in Beaver, Pennsylvania, continue to be hampered by the effects of Tuesday’s cyber attack. The health system announced Thursday, on its website, that all lab and diagnostic services at neighborhood and community locations would remain closed for the second consecutive day as it worked to fully rectify the issue.

The incident at Heritage Valley affected the entire health system, including two hospitals and satellite and community locations scattered across western Pennsylvania, and the health system took its IT systems down, officials at Heritage Valley Health System stated on its website. The health system serves four Pennsylvania counties as well as parts of Ohio and West Virginia.
