Personal data from North Carolina’s biggest hospital systems, including UNC, Duke, Atrium and ECU, may have been stolen as part of a massive international cyber attack discovered earlier this year. 

Nuance Communications, a health care software company, was hit as part of a hack on another company, Progress Software’s MOVEit service, which the company used to transfer patient information, Nuance said in a statement Friday.

What You Need To Know

  •  More than a dozen hospital systems and health care providers may have had personal data stolen in a ransomware attack

  •  The attack hit software used by Nuance Communications, a vendor for many hospitals

  •  Law enforcement and cybersecurity researchers say the attack came from a criminal group likely based in Russia

  • The company has set up a hotline for people with questions at  (888) 988-0380, and said those effected should monitor their accounts and credit reports

“Nuance Communications used MOVEit to exchange files with certain customers and business partners and was, unfortunately, one of the thousands of organizations impacted by Progress Software’s vulnerability,” the company said. 

The breach happened May 28 and 29, Nuance said in a notice dated Sept. 15.

The data includes “individual demographic information and information about services received,” according to the company. 

“When Progress Software disclosed the incident on May 31, 2023, Nuance immediately took steps to secure systems and launched an investigation, which was conducted by experienced cybersecurity experts,” Nuance said. 

In a statement, Duke Health officials said, “Duke University Health System received a notice from a vendor, Nuance Communications, that its product for sharing radiology images with other facilities and providers used MOVEit software, and experienced unauthorized access to Nuance’s database. Nuance has issued a notice with details about the Nuance incident.”

Nuance said it will contact people whose data may have been stolen in the attack.

“UNC Health takes the privacy and security of our patients’ information seriously, and we cooperated with Nuance Communications when we learned of their breach,” UNC Health spokesman Alan Wolf said Monday.

“We encourage any patients who received notification from Nuance, and who have further questions or concerns, to contact the Nuance toll-free call center at (888) 988-0380,” he said.

According to Nuance, the hospitals systems and medical providers hit in the attack are:

  • Duke University Health System
  • UNC Health
  • Atrium Health
  • Novant Health, Inc.
  • Novant Health New Hanover Regional Medical Center
  • WakeMed Health & Hospitals
  • University Health Systems of Eastern Carolina, Inc. (ECU Health)
  • Catawba Valley Medical Center
  • Charlotte Radiology, PA
  • DLP Central Carolina Medical Center, LLC
  • FirstHealth of the Carolinas, Inc.
  • Mission Health System
  • Wake Radiology Diagnostic Imaging, Inc.
  • West Virginia University Health System

“ECU Health values patient safety and confidentiality. Nuance, a third-party health care technology vendor, notified ECU Health about a data breach that impacts some hospitals in North Carolina, including a limited number of ECU Health patients. This breach does not involve ECU Health’s electronic health record or other internal systems," ECU Health said in a statement.

"ECU Health has been informed that Nuance is required to make direct notification to patients to provide guidance and support. Further information regarding the breach Nuance’s notification to impacted patients can found on Nuance’s website,” ECU said.

The attack came from a ransomware gang known as CL0P, according to the FBI and the federal Cybersecurity and Infrastructure Security Agency. 

Researchers say the group is likely based in Russia. The county is home to a number of criminal groups that specialize in ransomware, a type of software that encrypts data and holds it for ransom. 

Ransomware attacks are not new, but they have been growing in number and sophistication in recent years. The attacks have hit almost every sector of the United States economy, from small businesses to major multinational corporations.  

The highest profile ransomware attack in North Carolina was the Colonial Pipeline hack in May 2021. That attack shut down the pipeline that supplied much of the gasoline for the East Coast, causing panic buying and gas shortages in many communities.

"Individuals should remain vigilant against incidents of identity theft and fraud, review account statements, and monitor their free credit reports for suspicious activity and to detect errors," Nuance said. People can get a free copy of their credit report at, by calling (877) 322-8228.