Trends
Enzo Biochem paid $4.5M to settle regulatory charges
Enzo Biochem will pay $4.5 million to settle regulatory allegations and had exited the clinical laboratory testing business last August.
Headline
Enzo Biochem will pay $4.5 million to settle regulatory allegations and had exited the clinical laboratory testing business last August.
Context
OUR TAKE The damage caused by cyberattacks due to lax security protocols is immeasurable at all levels. Taking this as a warning, all major companies should pay attention to adequately protecting their own information and that of their users. If we fail to address the technical loopholes at the root of the problem, continuously improve the system and raise the awareness of practitioners, the problem of information leakage will eventually affect the overall security and stability of society. — Iydia Ding, BTW reporter Lax security protocols at Enzo Biochem led to a cyberattack in April 2023 that compromised the social security numbers , health histories and other information of about 2.4 million patients. Approximately 1.46 million New Yorkers were affected, of whom approximately 405,000 had their Social Security numbers compromised. New York will receive $2.8 million from the settlement.
Evidence
Pending intelligence enrichment.
Analysis
New York State Attorney General Letitia James said Tuesday’s settlement with New York, New Jersey and Connecticut resolves allegations that Enzo failed to adequately protect patients’ personal and private health information. The company will pay $4.5 million to resolve the regulators’ allegations. Cyber attackers accessed the biotech’s network using two login credentials shared by five Enzo employees, one of which had not been changed in a decade. As part of the settlement, Enzo is beefing up security, including requiring stronger passwords and two-factor authentication, encrypting personal information, and developing plans to respond more quickly to cyberattacks. The company exited the clinical laboratory testing business in August last year. Also read: Computer security vs. information security: What’s the difference? Also read: Protecting your data in the digital age: The most pressing cybersecurity threats
Key Points
- The social security numbers, health histories and other information of about 2.4 million patients were compromised. The company exited clinical lab testing last August.
- Enzo is bolstering security, including by requiring stronger passwords and two-factor authentication, encrypting personal information, and developing a plan to respond to cyberattacks faster.
Actions
Pending intelligence enrichment.
