On Aug. 7, 2023, St. Luke’s Health System, based in Boise, Idaho, was notified of a cybersecurity incident involving Nuance Communications. Nuance utilizes software made by a third-party company, Progress Software Corporation, to exchange files related to clinical documentation services provided to health systems, including St. Luke’s. The software, MOVEit Transfer, is widely used by organizations to transfer files.
On May 31, 2023, Progress Software notified Nuance about a previously unknown vulnerability in its software that allowed an unauthorized third party to take information from the MOVEit Transfer software. Following notification of this incident, Nuance immediately took steps to secure its systems and launched an investigation. In August, after gathering all relevant information, Nuance informed St. Luke's about this incident and that some personal health information of approximately 4,679 patients may have been exposed.
Nuance has mailed letters directly to impacted individuals. At St. Luke’s, privacy and safety of our patients is our highest priority, and in addition to support and communication provided by Nuance, we are taking additional steps to support impacted individuals. While there is no indication that financial or payment information was compromised in this breach, we are offering complimentary identity theft protection services through data breach and recovery services experts IDX, a ZeroFox Company. Impacted individuals may refer to the letters they received in the mail from St. Luke’s for additional information.
At this time, there is no evidence to suggest patient information has been misused.
For questions and additional information, impacted individuals who received a letter from Nuance may contact Nuance’s toll-free call center 888-988-0380, Monday through Friday between 7 a.m. and 4:30 p.m. Mountain Time. Please also see Nuance’s public notice regarding this incident, which can be found online at nuance.com/moveit.
St. Luke’s regrets that this happened and for any inconvenience that it may have caused.