Biotech company Enzo Biochem will pay $4.5m to settle regulatory charges for its poor security processes leading to a cyberattack in April 2023, according to New York’s attorney general.
The attack compromised the patient data of 2.4 million patients including social security numbers and health histories as well as other patient information.
The settlement made yesterday (13 August) with New York, New Jersey and Connecticut resolved claims that Enzo did not adequately safeguard patients’ personal and private health information, said New York attorney general Letitia James.
“Getting blood work or medical testing should not result in patients having their personal and health information stolen by cybercriminals” James said in a statement.
Enzo Biochem, which develops, manufactures and markets products for clinical research, drug development and medical research, began alerting patients to the breach in June 2023.
Documents signed by the company reveal that cyber criminals accessed the organisation’s network with two log-in credentials that were shared by five Enzo employees – one that had not changed in a decade.
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Thank you!
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form
By GlobalDataMalware was installed onto several systems by attackers which went undetected for several days as the manufacturer did not monitor for suspicious activity at the time.
Prior to and as part of the settlement, Enzo is increasing its cyber security measures including stronger password requirements, two-factor authentication, encrypting personal information, and developing a plan to respond faster to cyberattacks – proving that simple tactics for cyber defense can still be effective.
Approximately 1.46 million New York patients were affected including 405,000 with compromised social security numbers, the scale of data breach means New York is set to receive $2.8m from the settlement.
The attorney general decision comes a week after Mary Tagliaferri MD resigned from her position on the Board of Directors for Enzo to pursue other opportunities.
Enzo is yet to comment on the settlement.