Cyber Incident Victim: Nuance Communications, Inc.
Date: Jun 2017
Location: United States of America
Summary
A cyberattack attributed to the NotPetya malware caused widespread disruptions, including significant operational impacts on Nuance Communications, a software provider critical for electronic medical record creation in U.S. hospitals. The company's systems experienced prolonged failures, leaving healthcare facilities unable to generate patient records for over a week during the incident. This attack originated through compromised Ukrainian accounting software but caused global collateral damage, exploiting vulnerabilities in Microsoft systems using tools allegedly stolen from the NSA. Multiple multinational corporations faced severe consequences—production lines halted, data wiped without recovery options, and supply chain disruptions that forced revised financial forecasts. The incident highlighted systemic risks from nation-state cyber tools proliferating to criminal actors.
Description
The NotPetya cyberattack, first observed on or around June 27, 2017, began with a targeted intrusion against Ukrainian entities on the eve of the country's Constitution Day holiday. Attackers compromised a Ukrainian accounting software package called M.E.Doc, which served as the initial infection vector. The malware rapidly propagated globally through multinational corporate networks with Ukrainian business connections, exploiting vulnerabilities in Microsoft Windows systems using EternalBlue and other hacking tools originally developed by the U.S. National Security Agency and leaked by the Shadow Brokers group. Within minutes of infection, the wiper malware encrypted and destroyed data across thousands of systems worldwide, causing immediate operational paralysis at numerous organizations.

Nuance Communications, a critical provider of electronic medical record software to U.S. healthcare facilities, experienced severe system disruptions that persisted for over a week. Hospitals relying on Nuance's platforms lost the ability to create or access patient electronic records during this period.

The attack caused widespread collateral damage beyond Ukraine's borders, simultaneously crippling major corporations including Mondelez International, where 30,000 endpoints were destroyed and global production lines halted—including a Cadbury factory in Tasmania. Reckitt Benckiser reported $130 million in lost sales due to manufacturing and distribution failures, while law firm DLA Piper implemented graduated system restoration with enhanced security safeguards. Forensic investigations by cybersecurity firms like AlienVault revealed the attack's unprecedented destructive capability against organizations lacking robust security practices, with data recovery proving impossible for many affected systems due to inadequate backups.

International responses included NATO discussions about potentially invoking Article 5 collective defense provisions and U.S. officials publicly questioning whether Russian state actors orchestrated the attack despite collateral damage to Russian entities like oil company Rosneft. Microsoft executives called for greater responsibility from intelligence agencies regarding the weaponization of stolen cyber tools.
