Judge tosses Heritage Valley lawsuit against software firm
Heritage Valley Health System has lost its initial bid to hold a software company liable for a 2017 malware attack that locked up network computers and caused millions of dollars in damage to the three-hospital network in Beaver and Allegheny counties.
U.S. District Court Judge Robert J. Colville on Aug. 13 dismissed the three-count civil lawsuit that the health system filed in 2019 against Burlington, Mass.-based Nuance Communications Inc. over a 2017 malware attack that seized HVHS operations by blocking access to patient records and files stored on health system hard drives.
Nuance and its wholly owned subsidiary Dictaphone Corp., which Heritage Valley Health System began contracting with in 2003 for on-demand voice transcription services, were explicitly exempted from product liability involving “external parties,” according to the ruling.
The lawsuit was dismissed with prejudice, preventing Heritage Valley Health System from amending the complaint. “Needless to say, we are disappointed with the ruling,” the heath system said in a statement Monday.
The attack by malware dubbed NotPetya began around 7:30 a.m. June 27, 2017, and affected the entire health system, including satellite offices, according to the lawsuit. The damage caused by the attack was “immediate and substantial.”
Heritage Valley Health System claimed that Nuance sacrificed “security protections and governance oversight” for rapid international expansion of the company, which included 50 corporate acquisitions since 2006.
A forensic analysis showed that the malware entered Heritage Valley Health System through a Nuance computer connection in Ukraine, which was the target of the NotPetya Russian military-launched cyberattack.