Five employees of the biotechnology company provided two log-in credentials with cyberattackers, one of which had not been changed in ten years, according to an assurance of discontinuation signed by Enzo.
Enzo Biochem has agreed to pay $4.5 million in order to resolve regulatory claims that inadequate security procedures aided in an April 2023 cyberattack that exposed Social Security numbers, medical records, and other data for roughly 2.4 million patients. Attorney General of New York Letitia James announced that Enzo had settled with New York, New Jersey, and Connecticut on Tuesday, resolving allegations that the company had not sufficiently protected patients’ sensitive health information.
Five employees of the biotechnology company provided two log-in credentials with cyberattackers, one of which had not been changed in ten years, according to an assurance of discontinuation signed by Enzo. The Farmingdale, New York-based company took several days to find that malware had been put on multiple systems by the attackers, as they had not kept an eye out for any unusual activity.
Enzo is enhancing security both before and after the settlement, among other things by mandating two-factor authentication and stronger passwords, encrypting personal data, and creating a plan to react to breaches more quickly.
In June 2023, Enzo started notifying patients about the incident. A total of 1.46 million New Yorkers were impacted, of whom around 405,000 had their Social Security information stolen. The settlement will give $2.8 million to New York.
“Getting blood work or medical testing should not result in patients having their personal and health information stolen by cybercriminals,” James stated in a statement. An attempt to reach Enzo for comment was met with no response at all. Last August, the business stopped doing clinical lab testing.
Do Follow: CIO News LinkedIn Account | CIO News Facebook | CIO News Youtube | CIO News Twitter
About us:
CIO News is the premier platform dedicated to delivering the latest news, updates, and insights from the CIO industry. As a trusted source in the technology and IT sector, we provide a comprehensive resource for executives and professionals seeking to stay informed and ahead of the curve. With a focus on cutting-edge developments and trends, CIO News serves as your go-to destination for staying abreast of the rapidly evolving landscape of technology and IT. Founded in June 2020, CIO News has rapidly evolved with ambitious growth plans to expand globally, targeting markets in the Middle East & Africa, ASEAN, USA, and the UK.
CIO News is a proprietary of Mercadeo Multiventures Pvt Ltd.