Subscribe to Newsletters

Curated Content | Thought Leadership | Technology News

Poor Security Policy Leads to a $4.5 Million Fine for Biotechnology Company

A costly compliance failure.
Ryan Uliss
Contributing Writer
Password text behind torn paper background. Stock photo.

Enzo Biochem, Inc., (NYSE: ENZ) a biotechnology company specializing in diagnostic testing services, has agreed to a $4.5 million settlement following a cyberattack in April 2023 that exposed the personal and health information of approximately 2.4 million patients. The settlement was negotiated after an investigation uncovered severe deficiencies in the company’s data security practices.

A key finding of the investigation was that two login credentials, shared among five employees, had not been updated or changed in over a decade. This outdated and insecure practice created a significant vulnerability, making it easy for cybercriminals to infiltrate Enzo’s systems and steal sensitive data, including Social Security numbers and medical histories.

Compounding these issues, the company’s failure to implement effective monitoring systems allowed the attackers to remain undetected for several days, which significantly worsened the breach’s impact.

Why It Matters: This year has seen a disturbing rise in cyberattacks targeting healthcare facilities and laboratories responsible for safeguarding patient data. Enzo Biochem is the latest victim, now facing substantial financial and reputational damage due to its outdated and insufficient security practices. Their story of negligence should serve as a cautionary tale to others. Beyond the massive fine, this breach raises a critical concern: future patients may begin to question whether a routine diagnostic test could come with the hidden risk of having their personal information exposed to cybercriminals.

  • Data Breach Details: In April 2023, a cyberattack on Enzo Biochem compromised the personal information of 2.4 million patients. The breach was facilitated by shared and outdated employee login credentials, which allowed attackers to install malware and access sensitive data undetected for several days.
  • Settlement Breakdown: Enzo Biochem has agreed to pay $4.5 million to settle regulatory charges brought by the attorney generals of New York, New Jersey, and Connecticut. New York will receive $2.8 million of the settlement, with the remaining amount distributed between New Jersey and Connecticut.
  • Cybersecurity Failures: The investigation revealed significant lapses in Enzo’s data security, including the absence of multi-factor authentication, inadequate password management, and a lack of real-time monitoring systems to detect unauthorized access.
  • Broader Implications: This case is part of a larger effort by the state’s attorney general Letitia James to improve data security practices across various industries, highlighting the increasing regulatory scrutiny on companies that handle sensitive information.

Go Deeper -> Enzo Biochem to Pay $4.5 Million Settlement Over Cybersecurity Failures Leading to Data Breach – The Cyber Express

Enzo Biochem to Pay $4.5 Million over Cyberattack, NY Attorney General says – AOL.com

☀️ Subscribe to the Early Morning Byte! Begin your day informed, engaged, and ready to lead with the latest in technology news and thought leadership.

☀️ Your latest edition of the Early Morning Byte is here! Kickstart your day informed, engaged, and ready to lead with the latest in technology news and thought leadership.

ADVERTISEMENT

×
You have free article(s) left this month courtesy of CIO Partners.

Enter your username and password to access premium features.

Don’t have an account? Join the community.

Would You Like To Save Articles?

Enter your username and password to access premium features.

Don’t have an account? Join the community.

Thanks for subscribing!

We’re excited to have you on board. Stay tuned for the latest technology news delivered straight to your inbox.

Save My Spot For TNCR LIVE!

Thursday April 18th

9 AM Pacific / 11 PM Central / 12 PM Eastern

Register for Unlimited Access

Already a member?

Digital Monthly

$12.00/ month

Billed Monthly

Digital Annual

$10.00/ month

Billed Annually

Would You Like To Save Books?

Enter your username and password to access premium features.

Don’t have an account? Join the community.

Log In To Access Premium Features

Sign Up For A Free Account

Please enable JavaScript in your browser to complete this form.
Name
Newsletters