The U.S. House Energy and Commerce Committee is requesting that Nuance Communications executives provide more information about the malware incident, called NotPetya, that impacted the company, along with multinational companies in 65 countries, back in June.
U.S. Representative Greg Walden (R-Oregon), chair of the Energy and Commerce Committee, sent a letter to Nuance Communications chairman and CEO Paul Ricci requesting a formal briefing to the Committee, by Nov. 2, about the circumstances surrounding Nuance’s initial infection by NotPetya, as well as what steps it has taken to recover and resume full capabilities.
Nuance Communications, a Burlington, Mass.-based technology company, provides cloud-based dictation and transcription service to hospitals and health systems, and portions of Nuance’s network was impacted by the June 27 malware incident, which includes a significant part of its services to healthcare organizations. The company announced late in July, a month after the NotPetya malware attack, that it finally had restored service to the majority of its clients on its flagship transcription platform.
In the letter Walden wrote that while Nuance has announced that impacted services have been fully restored, the company’s original infection and its effects adds to the growing list of concerns about the potential consequences of cyber threats to the health care sector. “It is important, therefore, for the Committee to understand the details of this event so we can work together to ensure appropriate lessons are identified and addressed. Learning from this event will not only benefit the health care sector, but also the millions of patients who depend on the availability of products and services,” Walden wrote.
When the malware incident occurred, Nuance said it initiated an emergency shut down of its global network and suspension of all data backups to limit the spread of the malware within its systems. Walden noted in his letter that while this response protected Nuance’s systems from additional damage, it also prevented the use of Nuance’s services by those in the health care sector who depend on them for transcription and dictation, for periods ranging from days to weeks.
“While Nuance was not the only company to suffer degraded capabilities due to the June 27 outbreak, Nuance’s role as a transcription and dictation provider for a large percentage of the health care sector sets its infection and subsequent availability issues apart and raises the possibility of more serious aftereffects for the health care sector as a whole,” Walden wrote.