Cyber Incident Victim: Residex Software
Date:
Apr 2019
Location:
United States of America
Summary
A ransomware attack compromised the software provider's server infrastructure, forcing systems offline and potentially exposing protected health information and personal data—including medical records, names, and Social Security numbers—belonging to current, former, or prospective residents and staff of assisted living facilities and care organizations. The forensic investigation confirmed unauthorized system access occurred days prior to the ransomware deployment but could not identify specific impacted individuals due to the attack's complexity and deliberate obfuscation by the perpetrators. The provider restored services using backups, migrated to a new hosting provider, and notified all potentially affected parties as a precautionary measure while enhancing system safeguards.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 4 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On April 9, 2019, ResiDex Software (operating as Tenx Systems, LLC) discovered a ransomware attack that compromised its server infrastructure, forcing systems offline. The company immediately initiated restoration efforts using backups and migrated operations to a new hosting provider, achieving near-seamless service restoration within the same day. Forensic investigators later determined unauthorized actors first accessed ResiDex's systems on April 2, 2019, with ransomware deployed one week later. The incident potentially exposed protected health information (PHI) and personal data—including medical records, names, and Social Security numbers—belonging to current, former, and prospective residents and staff members across 46 assisted living facilities and care organizations that utilized ResiDex's software. Affected entities included Arlington Place, Good Samaritan Society, Presbyterian Homes and Services, and multiple Diamond Willow Assisted Living locations among others. ResiDex implemented additional security safeguards following the breach and retained a forensic firm to assess the compromise's scope and identify impacted individuals.
The investigation could not definitively determine which specific individuals had data compromised due to the attack's complexity and perpetrator efforts to conceal activities. ResiDex notified all potentially affected parties starting June 7, 2019—nearly two months post-incident—out of caution, despite acknowledging that not every individual's information was necessarily accessed. Exposed data included all resident and staff records present in ResiDex systems as of April 9, 2019. The company established a dedicated call center for inquiries and emphasized no evidence of actual misuse of personal information. Impacted facilities spanned Minnesota care providers serving elderly, disabled, and assisted living populations, though the forensic review found no conclusive evidence about data exfiltration or targeting of particular records. ResiDex expressed regret for concerns caused while maintaining its restoration efforts preserved operational continuity for client facilities.