Breach, Threat Management, Data Security, Malware, Ransomware

Ransomware attack on software company ResiDex may have exposed data on assisted-living residents, workers

Personal information belonging to residents and employees of multiple assisted living facilities were potentially exposed in an April 2019 cyberattack that infected third-party software company Tenx Systems, LLC with ransomware.

The Minneapolis-based company, which operates under the name ResiDex Software and provides software to assisted-living homes, group facilities and care-giving organizations for seniors and the disabled, reported in a press release yesterday that an authorized party accessed its systems on April 2, 2019 and subsequently launched a ransomware assault on April 9.

Recovery from the ransomware itself was swift, according to the company. "ResiDex immediately undertook efforts to restore its servers to a new hosting provider," the news release said. "Backups and other information maintained by ResiDex were used to enable near seamless restoration of security and services on the same day.  Additionally, ResiDex took affirmative steps to further safeguard its software systems."

However, the same attacker who spread the ransomware may have also accessed the personal data and protected health information of prospective, former and current residents and staff members of the facilities using ResiDex. Exposed information includes medical records that existed on ResiDex's software as of April 9, 2019, plus names and Social Security numbers.

ResiDex tasked a forensic investigations firm to look into the incident, but the firm "was unable to identify any specific individuals whose personal information and/or protected health information may have been compromised due to the complexity of the event and efforts undertaken by the perpetrators to conceal their actions," explained the release, which was spotted and reported on by DataBreaches.net.

The release lists out several dozen facilities that use the software and possibly could have been affected.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.