Enzo Biochem fined $4.5 million for data breach that affected over 2.4m patients

Enzo Biochem, a biotechnology company and a pioneer in molecular diagnostics, has agreed to pay $4.5 million for failing to protect the sensitive personal information of its patients during a 2023 ransomware attack.

 

Last year, in a 8-K filing with the U.S. Securities and Exchange Commission, Enzo Biochem said that threat actors on April 6 targeted its internal network with a ransomware attack that affected a number of systems.

 

The Company promptly deployed containment measures, including disconnecting its systems from the internet, launched an investigation with assistance from third-party cybersecurity experts, and notified law enforcement about the same.

 

In a separate announcement, Enzo Biochem said that the Social Security numbers of approximately 600,000 individuals were compromised as a result of the incident.

 

Recently, New York Attorney General Letitia James, along with attorneys general of Connecticut and New Jersey, said that the company failed to adequately safeguard the personal and private health information of its patients and has secured $4.5 million from Enzo Biochem.

 

“The Office of the Attorney General (OAG) found that Enzo had poor data security practices, which led to a ransomware attack that compromised the personal and private information of approximately 2.4 million patients, including more than 1.4 million New York residents.

 

“As a result of today’s agreement, Enzo will pay $4.5 million, of which New York will receive $2.8 million, and will strengthen its data security practices,” reads the announcement.

 

In a statement shared with the media, Attorney General James, said, “Getting blood work or medical testing should not result in patients having their personal and health information stolen by cybercriminals.

 

“Health care companies like Enzo that do not prioritize data security put patients at serious risk of fraud and identity theft. Data security is part of patient safety, and my office will continue to hold companies accountable when they fail to protect New Yorkers,” she added.