Nuance the Latest NotPetya Victim to Report Financial Impact

Medical Transcription Software Vendor Still Recovering From Attack

Medical transcription software vendor Nuance is the latest company to acknowledge that it’s still struggling to recover from the recent global NotPetya ransomware attacks and will see a dip in its financial performance as a result.

It’s been weeks since the NotPetya ransomware attacks hit organizations worldwide. But some companies are still struggling to recover, including some that admit their financial results will be hurt by the disruption to their businesses and ability to service customers. Medical transcription software vendor Nuance is the latest.

On July 21, the Waltham, Massachusetts-based company issued a financial statementwarning Wall Street analysts that its fiscal 2017 Q3 and likely Q4 revenue and earnings results would be negatively impacted by the June 27 ransomware attack. Nearly a month after the attack, the company is still trying to restore all its services to customers. Most impacted has been its medical transcription services business.

Among Nuance customers affected by the service disruption is Beth Israel Deaconess Health System in Boston.

“The lesson learned is that Nuance needs to have a more distributed computing environment – and their senior staff have told me they are planning to embrace the public cloud,” says John Halamka, CIO at Beth Israel Deaconess.

Other Victims

The announcement by Nuance follows a similar one from package delivery giant FedEx. The Memphis, Tennessee-based company said on July 17 in a form 10-K annual report filing with the U.S. Securities and Exchange Commission that “2018 results will be negatively affected by our TNT Express integration and restructuring activities, as well as the impact of the TNT Express cyberattack.”

Other companies are also reportedly still struggling to fully recover from the NotPetya attacks include thet Danish conglomerate Maersk and pharmaceutical giant Merck.

But the disruption won’t impact Merck’s bottom line, the company says in a statement provided to Information Security Media Group. “We don’t expect to see any appreciable impact on second quarter results. We have made good progress in our response to the June 27 global cyber attack. We have implemented business continuity plans and continue to ship orders and meet patients’ needs. We and our external partners see no indication that the company’s data have been compromised.”

The outbreak of NotPetya – aka SortaPetya, Petna, ExPetr, GoldenEye, Nyetya, Diskcoder.C – followed just six week after the outbreak of WannaCry malware. Both targeted flaws in Microsoft Windows that the software giant has since patched (see Ransomware Smackdown: NotPetya Not as Bad as WannaCry).

“Not Petya signaled a new paradigm shift as attackers are willing to launch attacks specifically to disrupt and destroy IT assets and data,” says Mac McMillan, president of the security consultancy Cynergistek.

Nuance’s admission that the ransomware attack is affecting its financial performance may be a first for a company serving the healthcare sector. “We have had [healthcare] companies and providers make such reports from other breaches, but I believe this is the first we’ve seen as a result of ransomware,” McMillan notes.

Continue reading…