Nuance, a healthcare tech company reports MOVEit breach, data of multiple hospitals impacted

Nuance, a healthcare technology company owned by Microsoft reported a significant international security breach earlier this year. The breach is caused by the vulnerability in the MOVEit managed file transfer platform used by Nuance to collaborate with client hospitals.

By breaching the MOVEti instance, Cyber criminals may have successfully accessed personal data from major hospitals in North Carolina.

In their official statement on Friday, Nuance disclosed that personal data might have been compromised at several North Carolina healthcare institutions, including:

• Atrium Health, a healthcare system giant based in Charlotte.
• Catawba Valley Medical Center in Hickory.
• Duke University Health System.
• DLP Central Carolina Medical Center in Sanford.
• ECU Health based in Greenville.
• FirstHealth of the Carolinas based in Pinehurst.
• Mission Health System based in Asheville.
• Novant Health based in Winston-Salem.
• Novant Health New Hanover Regional Medical Center in Wilmington.
• UNC Health based in Chapel Hill.
• Wake Radiology Diagnostic Imaging based in Raleigh.
• WakeMed Health & Hospitals based in Raleigh.
• Indiana University Health.

No details are available about the number of impacted individuals.

Update -  On 25th of September Nuance notified more than 1.2 million individuals of the breach.

Compromised data included details about the services individuals received and their demographic information. Nuance clarified that they were one of the many organizations affected by a vulnerability in Progress Software, and they took immediate action to secure their systems as soon as the incident was disclosed on May 31. The company engaged cyber security experts, including an external law firm, to investigate the incident and promptly installed patches as they became available.

Nuance has implemented new information security tools and procedures and advised people to stay vigilant against potential incidents of identity theft and fraud.

Officials recommended that individuals carefully review their account statements and closely monitor their free credit reports for any suspicious activities.