MongoDB database for special patients hit with ransomware

January 27, 2020
mongodb ransomware medical records data breach

A software provider for assisted living communities has experienced a ransomware attack that has affected more than 60 facilities that use the software with MongoDB database.

Tenx Systems, doing business as ResiDex Software, said the attack occurred on April 9, 2019 and affected its MongoDB server infrastructure. Rapid action was taken to move the servers to a new hosting provider and files were seamlessly recovered from backups the same day as the attack. No ransom was paid.

Local authorities have initiated a deep forensic investigation to find out whether any files had been accessed or other malicious actions had been performed by the attackers. The investigation revealed its servers were first compromised on April 2, 2019, 7 days prior to the deployment of the ransomware.

While extortion through file encryption may have been the main aim of the attack, it is possible that the attackers gained access to names, Social Security numbers, and medical records contained in the ResiDex system. It was not possible to establish which, if any, records were subjected to unauthorized access due to the complexity of the attack and the steps taken by the attackers to conceal their activities.

Notifications are being deployed to all affected individuals, which are spread across cities, mainly – Massachusetts, Minnesota, Missouri and Tennessee. The number of individuals affected has not been publicly disclosed and the incident has yet to appear on the HHS’ Office for Civil Rights Breach Portal.


Cyber security experts from a Private Security firm have discovered a freely accessible database of patient prescription information that contains records relating to more than 78,000 U.S. patients who use the prescription medication Vascepa.


Vascepa is a drug used to lower triglycerides for individuals on low-cholesterol and low fat diets. The MongoDB database had been left unprotected allowing the following information to be viewed without authentication: Names, addresses, telephone numbers, email addresses, pharmacy information, prescribing doctor, NPI number, NABP E-profile number, and other personally identifiable data.

The sensitive medical records appeared to have come from another software provider company called PSKW, which provides patient and provider messaging, co-pay, and assistance programs for healthcare organizations via a service named ConnectiveRX.

About the author

Leave a Reply