Ransomware Attack Affects More than 60 Assisted Living Facilities

A provider of software for assisted living communities has experienced a ransomware attack that has affected more than 60 facilities that use the software.

Tenx Systems, doing business as ResiDex Software, said the attack occurred on April 9, 2019 and affected its server infrastructure.

Rapid action was taken to move the servers to a new hosting provider and files were seamlessly recovered from backups the same day as the attack. No ransom was paid.

A forensic investigation was launched to determine whether any files had been accessed or other malicious actions had been performed by the attackers. The investigation revealed its servers were first compromised on April 2, 2019, 7 days prior to the deployment of ransomware.

While extortion through file encryption may have been the main aim of the attack, it is possible that the attackers gained access to names, Social Security numbers, and medical records contained in the ResiDex system.

It was not possible to establish which, if any, records were subjected to unauthorized access due to the complexity of the attack and the steps taken by the attackers to conceal their activities.

Notifications are now being sent to all affected individuals, which are spread across Massachusetts, Minnesota, Missouri and Tennessee.

The number of individuals affected has not been publicly disclosed and the incident has yet to appear on the HHS’ Office for Civil Rights Breach Portal.

Prescription Information of 78,000 U.S. Patients Exposed Online

Security researchers at vpnMentor have discovered a freely accessible database of patient prescription information that contains records relating to more than 78,000 U.S. patients who use the prescription medication Vascepa.

Vascepa is a drug used to lower triglycerides for individuals on low-cholesterol and low fat diets. The MongoDB database had been left unprotected allowing the following information to be viewed without authentication: Names, addresses, telephone numbers, email addresses, pharmacy information, prescribing doctor, NPI number, NABP E-profile number, and other personally identifiable data.

The records appeared to have come from a company called PSKW, which provides patient and provider messaging, co-pay, and assistance programs for healthcare organizations via a service named ConnectiveRX.

vpnMentor has reported the breach PSKW, although it is currently unclear to whom the database belongs.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.