Nuance Communications Inc. Data Breach

NOTICE: If you received a Notice of Data Breach letter from Nuance Communications Inc. (“Nuance”), contact the Arnold Law Firm at (916) 777-7777 to discuss your legal options, or submit a confidential Case Evaluation form here.

On or about September 22, 2023, Nuance, announced that they suffered a data breach impacting consumers who were patients at various healthcare facilities that Nuance provided software solutions to (the “Notice”). Nuance, in this Notice, informed consumers that their Personally Identifiable Information (“PII”) was accessed and downloaded by unauthorized individuals when these unauthorized individuals exploited a vulnerability in their vendor’s software application (“Data Breach”). Nuance, learned of the Data Breach on or around May 31, 2023 when they were informed that one of its vendors, Progress Software, announced a vulnerability in its software application named MOVEit Transfer.

On or about September 22, 2023, Nuance, disclosed that “On May 31, 2023, Progress Software told us about a previously unknown vulnerability in their software that allowed an unauthorized third party to take information from the MOVEit Transfer software.” It further detailed that on various dates it confirmed that personal information of various consumers was among the information taken. Nuance then notified the healthcare provider whose patients were among the impacted individuals and, sometime later, sent the Notice to the consumers themselves. Nuance has stated that the PII accessed by the unauthorized individuals includes, but is not limited to, individuals’ “Social Security numbers, dates of birth, medical record numbers, gender, information about radiology studies received including the practitioner’s name, healthcare facility name, date of service(s) provided, description of services provided, and the study report.”

Nuance is a multinational computer software company that provides software solutions to, among other industries, healthcare facilities. Nuance is based in Burlington, Massachusetts and employs roughly 8000 employees, and in 2022 had revenues in excess of $1.9 billion. According to Nuance’s public announcement, approximately 1,200,000 individuals throughout the United States were exposed. If you received a Notice of Data Breach Letter from Nuance then you were impacted by the Data Breach.

Nuance stated in the announcement that it plans to offer credit monitoring and identity protection services to victims of the Data Breach through Equifax Credit Watch for two years.

WHAT INFORMATION IS INVOLVED?

According to Nuance, the following information, among others was exposed:

• Name
• Social Security number
• Date of Birth
• Medical record number
• Gender
• Information about radiology studies received including the practitioner’s name, healthcare facility name, date of service(s) provided, description of services provided, and the study report

This information is called your Personally Identifiable Information (“PII”). It tells others about you and is considered part of your identity. Businesses are required to secure this information or risk facing statutory penalties, among other legal penalties. Stolen PII can be used by identity thieves to engage in fraudulent activity using your identity.

The best way to protect yourself after a data breach is to sign up for credit and identity protection services as soon as possible. California offers extra protections and legal rights to its residents through the California Consumer Privacy Act (“CCPA”) and/or the California Medical Information Act (“CMIA”).

NOTICE: If you received a Notice of Data Breach letter from Nuance, contact the Arnold Law Firm at (916) 777-7777 to discuss your legal options, or submit a confidential Case Evaluation form here.