Cyber Attack Update: Nuance Still Down, Researchers Believe “Petya” is not Ransomware | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Cyber Attack Update: Nuance Still Down, Researchers Believe “Petya” is not Ransomware

June 29, 2017
by Heather Landi
| Reprints
Click To View Gallery

Nuance Communications, a Burlington, Mass.-based technology company that provides cloud-based dictation and transcription service to hospitals and health systems, continues to be down following the global malware incident on Tuesday that affected multinational companies in at least 65 countries.

Portions of Nuance’s network was impacted by the malware incident, which includes a significant part of its services to healthcare organizations. The company is posting updates about the situation to its website. On Wednesday, Nuance said in a web post that it is offering alternative dictation services, specifically Dragon Medical One or Dragon Medical Network Edition, for customers impacted by the transcription services outage. The company also is offering other alternative dictation services.

“In addition to Nuance Transcription services and radiology critical test results, the following solutions also are impacted: Assure, Dragon Medical Advisor, Cerner DQR, Computer Assisted Coding, Computer Assisted-CDI, CLU software development kit, and our Quality Solutions products including Quality Measures, Claims Editor, and Performance Analytics/Clinical Analytics. Today our technical teams are continuing to work on network server recovery, determining the recovery process and timing, and other client options,” the company stated.

Nuance also said it is hosting a conference call today, Thursday, June 29th at 2:00 pm EST or 6:00 pm EST to answer frequently asked questions as well as discuss an alternative transcription platform option. Healthcare customers are urged to contact their account executive, account manager, or support for dial-in information.

According to a Nuance company fact sheet, the company’s healthcare solutions are deployed in 86 percent of all U.S. hospitals. More than 500,000 clinicians and 10,000 healthcare facilities worldwide use the company’s clinical documentation solutions.

In another development, some cybersecurity researchers have announced that Petya, or NotPetya as some call it, is not a ransomware attack and said that victims should not pay the ransom as they will not be able to restore or decrypt their files. Matt Suiche founder of security firm Comae Technologies posted on SecureList saying that this version of Petya is a “disguised wiper” and not ransomware. “The goal of a wiper is to destroy and damage. The goal of ransomware is to make money. Different intent. Different motive. Different narrative. A ransomware has the ability to restore its modification such as (restoring the MBR like in the 2016 Petya, or decrypting files if the victim pays) — a wiper would simply destroy and exclude possibilities of restoration, wrote Matt Suiche with Comae Technologies.

Researchers from Kaspersky Labs also confirmed that they believe Petya is a wiper and not ransomware. “After an analysis of the encryption routine of the malware used in the Petya/ExPetr attacks, we have thought that the threat actor cannot decrypt victims’ disk, even if a payment was made. This supports the theory that this malware campaign was not designed as a ransomware attack for financial gain. Instead, it appears it was designed as a wiper pretending to be ransomware,” wrote Anton Ivanov and Orkhan Mamedov in a post on SecureList.

Further, the Kaspersky Labs researchers concluded, “That means that the attacker cannot extract any decryption information from such a randomly generated string displayed on the victim, and as a result, the victims will not be able to decrypt any of the encrypted disks using the installation ID.”

And, they wrote, “What does it mean? Well, first of all, this is the worst-case news for the victims – even if they pay the ransom they will not get their data back. Secondly, this reinforces the theory that the main goal of the ExPetr attack was not financially motivated, but destructive.”

Some services at Heritage Valley Health System, based in Beaver, Pennsylvania, continue to be hampered by the effects of Tuesday’s cyber attack. The health system announced Thursday, on its website, that all lab and diagnostic services at neighborhood and community locations would remain closed for the second consecutive day as it worked to fully rectify the issue.

The incident at Heritage Valley affected the entire health system, including two hospitals and satellite and community locations scattered across western Pennsylvania, and the health system took its IT systems down, officials at Heritage Valley Health System stated on its website. The health system serves four Pennsylvania counties as well as parts of Ohio and West Virginia.

2018 Philadelphia Health IT Summit

Renowned leaders in U.S. and North American healthcare gather throughout the year to present important information and share insights at the Healthcare Informatics Health IT Summits.

May 21 - 22, 2018 | Philadelphia



Study: 9 in 10 Clinicians to Use Mobile Devices at Bedside by 2022

A recent study indicates a rising adoption in clinical mobility in hospitals and clinicians increasingly see mobile devices as improving the quality of patient care and reducing medication administration errors.

AMGA Survey: Value-Based Care Driving C-Suite Compensation Incentives

A recent survey by the American Medical Group Association (AMGA) of executive and leadership compensation reveals several trends, including that incentive compensation plays an important role in increases and value-based care is driving executive compensation incentives.

Set to Launch in May, All of Us Research Program Gets 15 New Engagement Partners

The National Institute of Health’s (NIH) “All of Us” Research Program now has 15 more community organizations and healthcare provider associations that have signed on to raise awareness about the program and its potential to advance precision medicine.

Report: Advanced Hacker Group, Orangeworm, Targeting Healthcare Industry

A new attack group, dubbed Orangeworm, is conducting targeted cyber attacks against healthcare organizations in the United States, Europe and Asia, according to a new report from researchers at cybersecurity firm Symantec.

EHR Capabilities Impact Patient Satisfaction Levels, Report Finds

Electronic health record (EHR) technology and the ways that providers use it to communicate with their colleagues and with patients is affecting how satisfied consumers are with their hospital organizations, according to a new Black Book market research.

A New Massachusetts Study Finds Consumers Slow to Make Use of Cost Estimate Tools

A new report has found that, even as health insurers in Massachusetts, under pressure to provide cost-estimating tools for their members, are giving them more information, plan members are still largely not taking advantage of new tools