Add yet one more business associate to those affected by the Clop attack on Progress Software MOVEiT. Nuance has disclosed that it was affected by the May attacks.
Although no number was revealed, the Microsoft-owned technology firm stated it was disclosing on behalf of:
- Atrium Health, the Charlotte-based health care system giant.
- Catawba Valley Medical Center in Hickory.
- Charlotte Radiology.
- Duke University Health System.
- DLP Central Carolina Medical Center in Sanford.
- Greenville-based ECU Health.
- Pinehurst-based FirstHealth of the Carolinas.
- Asheville-based Mission Health System.
- Winston-Salem-based Novant Health.
- Novant Health New Hanover Regional Medical Center in Wilmington.
- Chapel Hill-based UNC Health.
- Raleigh-based Wake Radiology Diagnostic Imaging.
- Raleigh-based WakeMed Health & Hospitals.
Read more at Yahoo! News
A check of Clop’s leak site today indicates that Clop has leaked what they describe as a 50-part Part 1 of data from Nuance. They do not indicate the total amount of data they acquired or when they might leak more, but the fact that Nuance is listed and at least partially leaked indicates that Nuance declined to pay any extortion demand from Clop. Whether any specific covered entities were contacted by Clop and agreed to pay is unknown to DataBreaches.
Update 1 (September 19):
On September 18, St. Luke’s Health System in Idaho issued its own notice that said it had been notified by Nuance of the breach, and that it affected 4,679 of their patients. You can read the notice on its website.