MA: ResiDex Software discloses ransomware incident affecting clients’ patients’ protected health information

And yet another ransomware incident. They do not disclose the number of patients who were notified about this. Of note, sounds like their recovery was pretty smooth because they were prepared.

BOSTON, June 18, 2019 /PRNewswire/ — Tenx Systems, LLC d/b/a ResiDex Software (“ResiDex”) specializes in providing software for assisted living homes, group homes, and organizations providing care for the elderly or disabled, including Youville House, Youville Place and Wingate Healthcare (collectively “the Facilities”).  ResiDex recently identified and addressed a security incident that may have involved personal information and/or protected health information of the current, former or prospective residents and/or staff members of the Facilities.  ResiDex began providing notice on June 7, 2019 to all individuals potentially impacted by this incident.  This release describes the incident, outlines measures that ResiDex has taken in response, and advises potentially impacted individuals on steps that they may take to further protect their information.

On April 9, 2019, ResiDex became aware of a data security incident, including ransomware, which impacted our server infrastructure and took our systems offline.  ResiDex immediately undertook efforts to restore its servers to a new hosting provider.  Backups and other information maintained by ResiDex were used to enable near seamless restoration of security and services on the same day.  Additionally, ResiDex took affirmative steps to further safeguard its software systems.  ResiDex simultaneously retained a forensic investigation firm to determine the nature of the security compromise and identify any individuals whose personal information and/or protected health information may have been compromised.

The forensic investigation was unable to identify any specific individuals whose personal information and/or protected health information may have been compromised due to the complexity of the event and efforts undertaken by the perpetrators to conceal their actions.  The investigation did determine that first access to ResiDex’s systems occurred on approximately April 2, 2019, with the ransomware launched on April 9, 2019.

The data security incident may have resulted in unauthorized access to protected health information, including medical records that existed on ResiDex’s software as of April 9, 2019, and/or personal information including names and social security numbers.  Please note that it is entirely possible that any one individual who is/was a current, former or prospective resident or staff member of the Facilities did not have their personal information and/or protected health information compromised as a result of the incident.  Nonetheless, notification has been provided to all potentially impacted individuals in an abundance of caution.

Individuals who have received a notification or who believe that they may have potentially been impacted by this incident are invited to contact (877) 347-0184 between 9:00 a.m. and 9:00 p.m. Eastern Standard Time, Monday through Friday.  ResiDex and the Facilities understand the importance of protecting the protected health information and personal information maintained on its systems and deeply regrets any concern that this may have caused the potentially impacted individuals.

SOURCE Tenx Systems, LLC d/b/a ResiDex Software

About the author: Dissent