IU Health announced today that its imaging exchange vendor, Nuance Communications (Nuance), discovered a security incident involving Nuance’s use of MOVEit Transfer software, which has recently reported a security vulnerability. The incident did not affect any systems or applications beyond the MOVEit application and none of Nuance’s solutions were impacted.
On August 4, 2023, Nuance notified IU Health of its security incident. Nuance immediately took steps to secure its systems, launched an investigation alongside outside experts and applied security industry guidance as they became available. Nuance determined that an unauthorized party accessed files on the MOVEit Transfer application between May 28 and 29, 2023. The impacted data included limited information of certain IU Health patients who received radiology services, including name, date of service and reason and description of service.
Nuance began notifying affected IU Health patients on September 22, 2023. To help prevent similar incidents from happening in the future, Nuance implemented and is continuing to implement new security tools, processes, and procedure to further strengthen the security of its IT system environments.