Excerpt from The Cyber Express Article, Published on Aug 14, 2024.
Enzo Biochem, Inc., a biotechnology company, agreed to a $4.5 million settlement over cybersecurity failures leading to a significant data breach in April 2023. The Enzo Biochem data breach compromised personal and health information of 2.4 million patients, including Social Security numbers and medical histories. The settlement was reached with the attorneys general of New York, New Jersey, and Connecticut after investigations revealed serious lapses in Enzo’s data security practices.
New York Attorney General Letitia James highlighted the severe risk to patients due to Enzo’s inadequate security measures. The cyberattack exploited outdated login credentials shared among employees, allowing attackers to install malicious software and steal sensitive data unnoticed for days. The breach affected 1,457,843 New York residents.
Enzo Biochem’s settlement includes several stringent measures to enhance cybersecurity and prevent future breaches. These include implementing a comprehensive information security program, enforcing access control policies, and requiring multi-factor authentication for all user accounts. Additionally, Enzo must adopt strong password management protocols, encrypt all personal information, conduct annual risk assessments, and maintain a robust incident response plan.
New York will receive $2.8 million of the settlement, with the remainder distributed between New Jersey and Connecticut. This case serves as a critical reminder to healthcare companies about the importance of robust data security measures. Ensuring the protection of patient information is crucial to preventing fraud and identity theft.
The Enzo Biochem data breach underscores the need for vigilant cybersecurity practices within the healthcare industry. This settlement not only holds Enzo accountable but also sets a precedent for other companies to prioritize data protection and comply with the highest standards of security.
To delve deeper into this topic, please read the full article on The Cyber Express.
