I’m writing to alert readers about a recent potential breach of personal information for all businesses served by ResiDex software. This includes current and former residents of all Elim Care assisted living communities. While it is entirely possible that personal information and/or protected health information may not have been compromised as a result of the incident, we take resident privacy very seriously, and it is important to us that our clients are made fully aware of a potential privacy issue. We have taken several steps to mitigate the situation, as discussed below.
On April 9, 2019, Tenx Systems, LLC d/b/a ResiDex Software (“ResiDex”), a business associate and software provider for Elim Care’s medical records system, became aware of a data security incident, including ransomware, which impacted its server infrastructure and took its systems offline. ResiDex immediately undertook efforts to restore its servers to a new hosting provider. Backups and other information maintained by ResiDex were used to enable near seamless restoration of security and services on the same day. Additionally, ResiDex took affirmative steps to further safeguard its software systems. ResiDex simultaneously retained a forensic investigation firm to determine the nature of the security compromise and identify any individuals whose personal information and/or protected health information may have been compromised.
Ultimately, the forensic investigation was inconclusive and was unable to identify specific individuals whose personal information and/or protected health information may have been compromised due to the complexity of the event and efforts undertaken by the perpetrators to conceal their actions. The investigation did determine that first access to ResiDex’s systems occurred on approximately April 2, 2019, with the ransomware launched on April 9, 2019.
The data security incident may have resulted in unauthorized access to protected health information, including medical records that existed on ResiDex’s software as of April 9, 2019, and/or personal information including names and social security numbers.
Once again, it is entirely possible that no personal information and/or protected health information of any resident, past or current, was compromised as a result of the incident. Nonetheless, we have provided each resident with a similar notice and are providing this notification in an abundance of caution.
We recommend that all past and current residents of our facility take immediate steps to protect themselves. This may include calling the toll-free numbers of any one of the three major credit bureaus (below) to place a fraud alert on their credit report.
Equifax: 1-800-685-1111; www.equifax.com;
Experian: 1-888-EXPERIAN (397-3742); www.experian.com;
TransUnion: 1-888-909-8872; www.transunion.com.
Additionally, ResiDex is offering all past and current residents of our facility a free two-year membership to a credit monitoring service.
We take very seriously our role of safeguarding both current and past residents’ personal information and using it in an appropriate manner. We apologize for the stress and worry this situation has caused all of our residents and we are doing everything we can to rectify the situation. Please contact us at (612) 238-5215 or via email at firstname.lastname@example.org with questions and concerns about this matter.