House Committee Presses Nuance Executives on NotPetya Attack | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

House Committee Presses Nuance Executives on NotPetya Attack

October 20, 2017
by Heather Landi
| Reprints

The U.S. House Energy and Commerce Committee is requesting that Nuance Communications executives provide more information about the malware incident, called NotPetya, that impacted the company, along with multinational companies in 65 countries, back in June.

U.S. Representative Greg Walden (R-Oregon), chair of the Energy and Commerce Committee, sent a letter to Nuance Communications chairman and CEO Paul Ricci requesting a formal briefing to the Committee, by Nov. 2, about the circumstances surrounding Nuance’s initial infection by NotPetya, as well as what steps it has taken to recover and resume full capabilities.

Nuance Communications, a Burlington, Mass.-based technology company, provides cloud-based dictation and transcription service to hospitals and health systems, and portions of Nuance’s network was impacted by the June 27 malware incident, which includes a significant part of its services to healthcare organizations. The company announced late in July, a month after the NotPetya malware attack, that it finally had restored service to the majority of its clients on its flagship transcription platform.

In the letter Walden wrote that while Nuance has announced that impacted services have been fully restored, the company’s original infection and its effects adds to the growing list of concerns about the potential consequences of cyber threats to the health care sector. “It is important, therefore, for the Committee to understand the details of this event so we can work together to ensure appropriate lessons are identified and addressed. Learning from this event will not only benefit the health care sector, but also the millions of patients who depend on the availability of products and services,” Walden wrote.

When the malware incident occurred, Nuance said it initiated an emergency shut down of its global network and suspension of all data backups to limit the spread of the malware within its systems. Walden noted in his letter that while this response protected Nuance’s systems from additional damage, it also prevented the use of Nuance’s services by those in the health care sector who depend on them for transcription and dictation, for periods ranging from days to weeks.

“While Nuance was not the only company to suffer degraded capabilities due to the June 27 outbreak, Nuance’s role as a transcription and dictation provider for a large percentage of the health care sector sets its infection and subsequent availability issues apart and raises the possibility of more serious aftereffects for the health care sector as a whole,” Walden wrote.

Get the latest information on Cybersecurity and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More



Allscripts Acknowledges Ransomware Attack, Says Impact is “Limited”

Health IT vendor Allscripts has acknowledged that it is investigating a ransomware incident that has impacted a limited number of its applications.

AHRQ to Fund Patient Safety Learning Laboratories

The federal Agency for Healthcare Research Quality plans to spend up to $5 million in fiscal 2018 to support as many as eight patient safety learning laboratories.

RCM Global Software Market to Hit $43.3B by 2022, Report Finds

The global market for healthcare revenue cycle management software is estimated to reach $43.3 billion by the end of 2022, according to a report from Future Market Insights (FMI).

Global Open Source HIT Project Gets $1M Donation From Cryptocurrency Philanthropy

OpenMRS, Inc., an open source medical records platform used in developing countries, has received a $1 million donation from the Pineapple Fund, an $86 million cryptocurrency philanthropy created by an anonymous donor known only as “Pine.”

Media Reports: Massive Data Breach of Norwegian Health Authority Could Impact 3 Million Patients

International media outlets are reporting that a hacker or hacker group breached the systems of Norway’s Health South East EHF, potentially compromising the healthcare data of nearly 3 million patients, or about half of Norway’s population.

Healthcare Groups Call for Improvements to Prior Authorization Process

A collaborative of healthcare organizations, including the American Medical Association, the American Hospital Association, and the Medical Group Management Association, released a joint statement this week calling for improved prior authorization procedures, including automating the process to improve transparency and efficiency.