Nuance Communications announces data breach affecting healthcare

Image via Unsplash

St. Luke's Health Systems in Boise, Idaho announced a data breach involving Nuance Communications. Nuance utilizes software made by a third-party company, Progress Software Corporation, to exchange files related to clinical documentation services provided to health systems, including St. Luke’s. The software, MOVEit Transfer, is widely used by organizations to transfer files.

In late May 2023, Progress Software notified Nuance about a previously unknown vulnerability in its software that allowed an unauthorized third party to take information from the MOVEit Transfer software. In August, after gathering all relevant information, Nuance informed St. Luke's about this incident and that some personal health information of approximately 4,679 patients may have been exposed.

Nuance has mailed letters directly to impacted individuals. At this time, there is no evidence to suggest patient information has been misused.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.