A second wave of cyberattacks has reached US hospitals and companies like Nuance Communication that provide vital services to the healthcare industry.

Nuance is a major provider of voice and language tools, including medical transcription services. On June 27th, Nuance customers took to Twitter to complain about trouble with the Dragon Medical 360 tool, which allows users to dictate medical notes directly into the electronic health record.

As Nuance called on experts to contain the outbreak, we saw how efficiency-creating services like automated dictation also complicate healthcare cybersecurity.

The most recent wave of attacks were initially identified as a strain of ransomware, similar to the WannaCry epidemic that affected over 200,000 computers across 150 countries in May. But researchers found that the latest virus – variously called Petya, NotPetya or ExPetr – is actually a wiper malware masquerading as ransomware.

Much like WannaCry, Petya is spread through emails with attached infected Microsoft Office documents, which execute a worm that spreads to other computers. But unlike ransomware the primary goal of Petya is to damage and destroy data.

Identifying the malware as a wiper rather than ransomware has important implications. First of all, paying the ransom probably won’t restore your files. By masquerading as a ransomware, the virus also models an approach that may be more successful at disrupting critical infrastrucure and key systems like healthcare. As Matt Suiche of Comae Technologies explained shortly after the attack, “The goal of a wiper is to destroy and damage. The goal of ransomware is to make money. Different intent. Different motive. Different narrative.”

So far, there have been over 2,000 attacks in 65 countries. The hardest-hit US entities are Massachusetts-based Nuance along with biopharma giant Merck and a large Pennsylvania health system.

Downing Nuance’s dictation services is no small problem for US hospitals. Nuance’s healthcare solutions are deployed in 86 percent of all US hospitals, and more than 500,000 clinicians and 10,000 healthcare facilities worldwide use the company’s clinical documentation solutions.

While Nuance’s Dragon Medical 360 tool was down for at least two days, the company offered customers alternative dictation services.

According to Lee Kim, Director of Privacy and Security at HIMSS North America, healthcare organizations should learn from the malware campaign and consider implementing the following best practices:

  1. Use the principle of least privilege – employees should be given the least amount of access to perform their job function.
  2. Regularly patch systems for old and new vulnerabilities – the success of Petya was in part due to unmatched systems, and institutions should keep firmware, operating systems and programs up-to-date.
  3. Regularly backup and validate data, programs, files and system information.
  4. Avoid opening suspicious links or attachments.


Comments are closed.