- The social security numbers, health histories and other information of about 2.4 million patients were compromised. The company exited clinical lab testing last August.
- Enzo is bolstering security, including by requiring stronger passwords and two-factor authentication, encrypting personal information, and developing a plan to respond to cyberattacks faster.
OUR TAKE
The damage caused by cyberattacks due to lax security protocols is immeasurable at all levels. Taking this as a warning, all major companies should pay attention to adequately protecting their own information and that of their users. If we fail to address the technical loopholes at the root of the problem, continuously improve the system and raise the awareness of practitioners, the problem of information leakage will eventually affect the overall security and stability of society.
— Iydia Ding, BTW reporter
What happened
Lax security protocols at Enzo Biochem led to a cyberattack in April 2023 that compromised the social security numbers, health histories and other information of about 2.4 million patients. Approximately 1.46 million New Yorkers were affected, of whom approximately 405,000 had their Social Security numbers compromised. New York will receive $2.8 million from the settlement.
New York State Attorney General Letitia James said Tuesday’s settlement with New York, New Jersey and Connecticut resolves allegations that Enzo failed to adequately protect patients’ personal and private health information. The company will pay $4.5 million to resolve the regulators’ allegations.
Cyber attackers accessed the biotech’s network using two login credentials shared by five Enzo employees, one of which had not been changed in a decade. As part of the settlement, Enzo is beefing up security, including requiring stronger passwords and two-factor authentication, encrypting personal information, and developing plans to respond more quickly to cyberattacks. The company exited the clinical laboratory testing business in August last year.
Also read: Computer security vs. information security: What’s the difference?
Also read: Protecting your data in the digital age: The most pressing cybersecurity threats
Why it’s important
Due to the large amount of customer information that Enzo Biochem has, this internet attack reached an extremely wide range of people and was extremely damaging to both the company itself and its users.
In an era where the artificial intelligence industry is booming, unpredictable information leaks can have a significant impact on people’s safety. Cyber-attacks due to lax security protocols can cause a host of problems such as economic and social stability.
Taking this as a warning, all major companies should take care to adequately protect their own information and that of their users. If the technical loopholes cannot be addressed at the root, the system continuously improved and the awareness of practitioners raised, the problem of information leakage will eventually affect the overall security and stability of society.
