Cyber Incident Victim: Tenx Systems
Date:
Apr 2019
Location:
United States of America
Summary
A ransomware attack compromised a software provider serving assisted living facilities, potentially exposing personal and protected health information of residents and staff. The breach involved unauthorized system access followed by ransomware deployment, which disrupted operations until services were restored using backups. Forensic analysis could not confirm specific data exfiltration due to the attackers' obfuscation techniques, though exposed information may have included names, Social Security numbers, and medical records. Notifications were issued to all potentially affected individuals as a precautionary measure despite the indeterminable scope. The provider implemented enhanced security measures and engaged forensic specialists during the response.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 4 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On April 9, 2019, Tenx Systems, LLC operating as ResiDex Software detected a ransomware attack that compromised its server infrastructure, forcing systems offline. The company specialized in providing software to assisted living facilities and care organizations across Minnesota, including Arlington Place, Glenwood Estates, and 38 other named entities. ResiDex immediately initiated restoration efforts using backups and migrated servers to a new hosting provider, achieving near-seamless service restoration within the same day. Concurrently, the company engaged a forensic investigation firm to analyze the breach. Investigators determined unauthorized actors first accessed ResiDex's systems on April 2, 2019, with ransomware deployed one week later on April 9. While system functionality was rapidly recovered, ResiDex implemented additional safeguards to strengthen its software infrastructure against future compromises.
The forensic examination could not conclusively identify which specific individuals had data compromised due to the attack's complexity and perpetrator efforts to obscure their activities. Potentially exposed information included protected health information (such as medical records) and personal data (including names and Social Security numbers) of current, former, or prospective residents and staff affiliated with the Facilities as of April 9, 2019. ResiDex acknowledged that not all individuals associated with the Facilities necessarily had information accessed but initiated notification letters on June 7, 2019, to all potentially affected parties out of caution. Impacted individuals were directed to a dedicated inquiry line operational on weekdays. The incident involved medical and personal data stored within ResiDex's software platform but did not compromise Facilities' independent systems according to available evidence.