Enzo Biochem, a biotechnology company famous for creating and distributing DNA-based tests designed to identify viral and bacterial diseases, has admitted in recent filings with the Securities and Exchange Commission (SEC) to being the victim of a ransomware attack.
The attack resulted in the exfiltration of confidential information belonging to 2.47 million patients, including names, test information and 600,000 Social Security numbers.
“The healthcare industry is hit again by ransomware attacks,” said Darren James, senior product manager at Specops Software. “So far, we only know that patient data was compromised. There are still question marks about what employee data was lost and the details of how the attacker gained access to the network.”
Enzo Biochem said it responded to the attack by implementing containment measures according to its disaster recovery plan, including disconnecting affected systems from the internet. The company also enlisted the help of third-party cybersecurity experts to launch an investigation and immediately notified law enforcement.
Enzo Biochem said its operations were maintained despite the attack, its facilities remained open and it was able to continue to provide services to its patients and partners.
At the same time, the company admitted that it had incurred significant costs as a result of the ransomware attack, including costs related to incident response, remediation and investigation.
“Biotech companies like Enzo are an important factor in the fight against cancer and other viral and bacterial diseases,” explained Sean McNee, vice president of research and data at DomainTools.
“Since this data is highly sensitive, such as people’s health information and SSNs, affected individuals should be vigilant for potential online identity theft due to this ransomware incident. People should check their credit reports for suspicious entries and issue account freezes and fraud alerts.”
The company said it discovered the breach on April 11, 2023, and that the SEC Form 8-K was signed on May 30, 2023 by Enzo Biochem CEO Hamid Erfanian.
Just weeks before the Enzo Biochem incident, NextGen Healthcare, a provider of electronic medical records software, revealed that its systems had been compromised by hackers who had managed to obtain the personal information of over one million patients.