A computer malware program is often called a virus for a reason. Like its biological namesake, malware can spread quickly and cause serious harm. When it comes to health, people often are afraid of viruses because they don’t understand what they are or how they work.
The same is true for malware. There has been a lot of confusion and misinformation circulating about the NotPetya malware incident that affected Nuance and thousands of other companies on June 27. And, unfortunately, there are some in our industry who may have spread misinformation about the incident, Nuance, and other affected companies, for their own gain.
To set the record straight about the impact of the NotPetya malware on Nuance:
- No Nuance customer information has been altered, lost or removed by the malware.
- We have no indication that any file contents on affected Nuance systems have been viewed by unauthorized parties.
- We have seen no evidence that customer data or PHI files were encrypted in this incident.
- Nuance has determined that the Incident constitutes a “security incident” for purposes of the HIPAA Security Rule, but does not constitute a breach of unsecured PHI for purposes of the Breach Notification Rule. More details and our working conclusion can be found here.
- And unlike some malware, patching alone would not have stopped the propagation of NotPetya.
I’m pleased to report that thanks to our knowledgeable and dedicated staff—who have worked with unbelievable intensity and purpose since June 27—we are restoring client functionality quickly and safely and working to continue earning client trust. Our momentum is strong, and we are moving rapidly to complete a recovery process for all affected clients.
At the same time, we are enhancing our security against similar future incidents to ensure we emerge from this incident with a safer and more secure operating environment.
I am gratified that despite some confusion about this malware, our clients have been clear in their support, expressing understanding and loyalty. In fact, many clients have encouraged us to keep going, let us know they’re standing with us, and told us that we’re in this together.
I could not agree more.
Follow us on LinkedIn and Twitter to learn more about the facts.