One of the biggest breaches of 2023 involves the 0-day attack by Clop threat actors on file transfer software called MOVEit by Progress Software. The attack was launched in May and June. It affected more than 1,100 entities and more than 56 million people according to statistics compiled by Emsisoft.
One of the most recent victim disclosures was made by Nuance, which is a Microsoft-owned technology firm. Its notice stated it was disclosing on behalf of a number of medical entities:
- Atrium Health, the Charlotte-based health care system giant.
- Catawba Valley Medical Center in Hickory.
- Charlotte Radiology.
- Duke University Health System.
- DLP Central Carolina Medical Center in Sanford.
- Greenville-based ECU Health.
- Pinehurst-based FirstHealth of the Carolinas.
- Asheville-based Mission Health System.
- Winston-Salem-based Novant Health.
- Novant Health New Hanover Regional Medical Center in Wilmington.
- Chapel Hill-based UNC Health.
- Raleigh-based Wake Radiology Diagnostic Imaging.
- Raleigh-based WakeMed Health & Hospitals.
Nuance did not disclose the total number affected in its notice, but if it files a notice with HHS on behalf of the same entities, we will then have a number.
Clop threat actors have leaked some of the data they stole from Nuance, and it is not clear how much more data they may have that they will also leak.