St. Luke's Health Systems in Boise, Idaho announced a data breach involving Nuance Communications. Nuance utilizes software made by a third-party company, Progress Software Corporation, to exchange files related to clinical documentation services provided to health systems, including St. Luke’s. The software, MOVEit Transfer, is widely used by organizations to transfer files.
In late May 2023, Progress Software notified Nuance about a previously unknown vulnerability in its software that allowed an unauthorized third party to take information from the MOVEit Transfer software. In August, after gathering all relevant information, Nuance informed St. Luke's about this incident and that some personal health information of approximately 4,679 patients may have been exposed.
Nuance has mailed letters directly to impacted individuals. At this time, there is no evidence to suggest patient information has been misused.