(Bloomberg) -- Many doctors still can’t use a transcriptionservice made by Nuance Communications Inc. three weeks after thecompany was hit by a powerful, debilitating computer attack.

Hospital systems including Beth Israel Deaconess in Boston andthe University of Pittsburgh Medical Center said eScription, aNuance staple product that allows physicians to dictate notes froma telephone, still isn’t functioning. The outage obliterateddoctors’ instructions to patients, forcing some to revert to penand paper.

The computer virus, called Petya, has sent ripples throughhealth care, among the last industries to make the switch todigital record keeping and one of the most frequently targeted byhackers, said Michael Ebert, a partner with KPMG who advises healthand life-science companies on cybersecurity.

“Health care has been late to respond to the need for protectedinformation, and the information is worth more,” Ebert said. “It’samazing how far behind we are, and we know we have to dosomething.”

Hackers increasingly use viruses to encrypt companies’information systems, unlocking the data only when a ransom is paid.After the Petya attack began in late June, companies fromOreo-maker Mondelez International Inc. to Reckitt Benckiser GroupPlc warned of a blow to their sales. Information systems used byFedEx Corp.’s TNT unit may never fully recover, the shippingcompany said Monday.

Nuance shares were down 2.3 percent to $17.14 at 10:57 a.m. inNew York. They’ve dropped about 6 percent since June 27, when theattack began.

The University of Pittsburgh Medical Center, a system of 25hospitals and 3,600 doctors, said that its dictation andtranscription services are still affected “with no estimated timeof resolution.” The nonprofit is using features of medical recordssystems made by Cerner Corp. and closely held Epic Systems in theinterim, said Ed McCallister, the Pittsburgh system’s chiefinformation officer.

When the hack hit in June, the virus spread quickly. Ebert saidone of his clients stood in a parking lot with a bullhorn, pleadingwith employees not to turn on computers, lest the virus spread intothem. Another saw 100 workstations infected in an hour. Others shutdown their entire systems, painstakingly starting computers one byone offline to see whether they had been tainted.

After acknowledging June 28 that portions of its network wereaffected, Nuance, based in Burlington, Massachusetts, is stillpicking up the pieces. In addition to transcription, Nuancenamed about 10 other affected products, including those used forradiology, billing and software that tracks quality of care.

About half of the company’s $1.95 billion in revenue came fromits health-care and dictation business last year. The malwareattack represents a big risk for Nuance, as many of its customersuse products that appear to have been affected, according toBloomberg Intelligence analyst Mandeep Singh.

“Any time there is a cyberattack and a company is exposed tothat threat, that presents both reputational risk as well as therisk from disruption,” he said. “Since a lot of the deals getsigned toward the end of the quarter, the timing of it could haveimpacted certain deal closures.”

Enhancing Security

Nuance said it has been fixing affected systems, enhancing security and bringing customers backonline. The company declined to say how many clients were affectedby the attack.

“We are doing everything within our power to support ourhealth-care customers and provide them with the information andresources they need to provide quality patient care, includingoffering an alternative system and solutions,” company spokesmanRichard Mack said Wednesday in an email. “We have no indicationthat any customer information has been lost or removed from thenetwork.”

Other Products

The loss of service is an invitation to customers to seek otherproducts and vendors, such MModal, a Nuance rival. Even thoughIntermountain Health Care, a Salt Lake City-based company thatoperates 22 hospitals, wasn’t affected, it turned off all itsNuance products and is using other transcription tools, said DaronCowley, a spokesman.

At Beth Israel Deaconess, a Harvard-affiliated hospital, doctorswho have been accustomed to using Nuance’s telephone-based productare switching to its Dragon system, where physicians dictate into acomputer, making edits as they go.

That still means lost revenue for Nuance. While thecomputer-based product is a single software purchase, Nuance billsfor eScription by line of text. So far, it’s been three weeks ofrevenue they can’t get back, and more users may drop away, saidJohn Halamka, Beth Israel’s chief information officer.

“The hardest thing for a clinician is a change in workflow,” hesaid. “If you’ve changed for a couple of weeks, you might not goback.”

Nuance has done well to try to maintain customers in theaftermath of the attack, KPMG’s Ebert said, but the damage hasalready been done.

“They’re probably going to have a bad quarter,” he said.