MOVEit Hackers Intercept Data and SSNs from Nuance Communications
- By Steven
- Oct 02, 2023
Nuance Communications is a Microsoft-owned software solutions provider employing more than 6,500 people. Nuance controls industry-defining AI, which professionals may use to fully automate tasks, such as entering and manipulating medical records. Many of Nuance’s clients are hospitals, clinics, and health centers in the southeast of the US; those who have received medical services in these areas are now at risk following the most recent MOVEit data breach.
How Did the Attack Occur?
The attack on Nuance Communications was part of the broader assault suffered by Progress Software’s MOVEit Transfer software. MOVEit transfers files and data from a starting location and pushes them to a secure goal destination. The attackers used these transfer paths to intercept the information from a zero-day within Progress Software’s application. Although the vulnerability has since dissolved, many institutions are only just discovering the impacts. While the attack did not impact Nuance’s internal systems, millions of individuals may have had their sensitive data exposed.
What Information was Viewed or Stolen?
The attack on Nuance Communications may have targeted medical and personal information within the MOVEit file system. According to Nuance’s statement, the details exposed may range from a person’s name to their physical information, health identifiers, practitioner information, or diagnoses. Hackers may have stolen an estimated 1.2+ million Social Security Numbers during the attack. The stolen data may be misused by hackers or sold to others for compensation. If the attack potentially exposed your data during this breach, you should take precautions immediately.
How Did Nuance Communications Admit to the Breach?
Nuance Communications learned of the attack on May 31, 2023; they immediately contacted authorities and cybersecurity experts before starting to notify individuals of their potential exposure. If you’ve received a notification of exposure from Nuance, you need to mitigate possible impacts immediately.
What Will Become of the Stolen Information?
Hackers will likely use the stolen information for fraudulent crimes in the future—but no one can anticipate specifics. The hackers may use the stolen personal details to commit financial, identity, insurance, or medical fraud. Others may use the data to steal benefits from insurance companies or expose medical histories for exploitable gain.
What Should Affected Parties Do in the Aftermath?
Since discovering the breach, Nuance has attempted to notify more than 1.2 million people of their potential data exposure. If you are one of the many who have had details stolen, you must take immediate action to protect yourself. Start by hiring an identity or credit monitoring service to protect your assets from further exposure. Follow this up by requesting an Explanation of Benefits from your medical provider. Signs of medical fraud include services and medication orders that were not received and unusual insurance limitations.
Hackers may also use the information for phishing scams at a later date. Never surrender personal details, including bank, hospital, diagnoses, or medications, online, over text, email, or phone. Protect yourself from most data-related threats by taking proactive steps before the next breach.