Minneapolis Software Firm ResiDex Reports Data Breach

Minneapolis Software Firm ResiDex Reports Data Breach

The breach may have exposed personal and health information of staff and residents at some elderly care facilities, though an investigation could not determine specifics.

ResiDex Software, a Minneapolis-based software company that serves group homes and other elderly care entities, last week disclosed it was the victim of a data security breach.

The incident affected ResiDex’s servers and took systems offline. The breach involved ransomware, which is a type of software designed to lock out users of a computer system or data until a ransom is paid.

A forensic investigation determined the breach first occurred around April 2, and ransomware was launched April 9. The breach may have exposed personal and/or protected health information and medical records of current, former, or prospective residents of ResiDex-utilizing facilities. However, investigators weren’t able to determine specifically who—if anyone at all—was affected.

The company noted it’s possible no one was impacted.

“ResiDex and the facilities understand the importance of protecting the protected health information and personal information maintained on its systems and deeply regrets any concern that this may have caused the potentially impacted individuals,” the company said in a statement.

ResiDex—whose Minnesota clients include Glenwood Estates, Brookstone Manor, Good Samaritan Society, Serenity Assisted Living & Memory Care, and dozens more facilities—began informing potential attack victims of the breach on June 7.

ResiDex didn’t disclose how the attack began. Ransomware usually is unleashed through phishing emails or by someone visiting an infected website, according to the U.S. Department of Homeland Security’s Cyber and Infrastructure Security Agency.

The software company says that as soon as it became aware of the breach, it began countermeasures to restore its servers, moving them to a new hosting provider. Backups and other tools were also used to restore security and services on the same day of the attack. The company deployed additional safeguard measures, too.

An outside forensic investigation firm was hired to examine the incident. ResiDex says the investigation was unable to determine specifics “due to the complexity of the event and efforts undertaken by the perpetrators to conceal their actions.”

ResiDex did not respond to requests for more information by press time.