Fraud Management & Cybercrime , Healthcare , Industry Specific

Lab Testing Firm Says Ransomware Breach Affects 2.5 Million

Clinical Test Info, SSNs Exfiltrated, Company Tells SEC
Lab Testing Firm Says Ransomware Breach Affects 2.5 Million
Image: Enzo Biochem

Ransomware hackers stole the clinical test information of nearly 2.5 million individuals from a New York life sciences company, the company told federal regulators.

See Also: OnDemand | Leveraging Automation to Reduce Third Party and Supply Chain Risk in Healthcare

Enzo Biochem in a Tuesday filing with the U.S. Securities and Exchange Commission said its investigation into a ransomware attack experienced on April 6 concluded that hackers had accessed or acquired the clinical test information of 2.47 million patients, as well as 600,000 Social Security numbers.

Farmingdale, New York-based Enzo provides testing services - including for novel coronavirus, genetic conditions, and sexually transmitted diseases - as well as treatments for cancers and metabolic and infectious diseases. The company in its SEC filing said it "incurred and may continue to incur" expenses related to the attack, including costs to remediate and investigate the incident.

Enzo did not provide the SEC with a dollar estimate for the projected financial impact of the attack.

Earlier Disclosure

Enzo already filed a notice with the SEC on April 15, disclosing that the company had suffered the April 6 ransomware attack.

In that earlier regulatory filing, Enzo said its facilities remained open, and it continued to provide services to its patients and partners using backup processes and other downtime procedures.

The company activated its disaster recovery plan, allowing it to continue operations while it brought its systems back online, it told regulators.

Backup procedures nonetheless created operational challenges and caused delays in the processing of laboratory specimens, Enzo said.

Enzo did not immediately respond to Information Security Media Group's request for additional details about the incident, including the type of ransomware involved in the attack and whether a ransom was demanded or paid.

Enzo is one of many large companies servicing the healthcare sector to report a major data breach involving ransomware in recent weeks.

"These sorts of incidents are just generally concerning," said privacy and security attorney Brad Rostolsky of the law firm Reed Smith.

When clinical testing and other related highly personal health information is exfiltrated, "the facts and parties become more complicated, due to a higher-than-usual likelihood that the individuals involved are dealing with incredibly sensitive healthcare situations," he said.


About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.