Enzo Biochem, a biotechnology company renowned for producing and distributing DNA-based tests designed to identify viral and bacterial diseases, has recently confirmed in a filing with the Securities and Exchange Commission (SEC) that it fell victim to a ransomware attack.
The malicious cyber assault has exposed the confidential information of 2.47 million patients, including names, test information and 600,000 Social Security numbers.
“Once again, we see the healthcare industry hit by another ransomware attack,” commented Darren James, senior product manager at Specops Software. “So far, we only know that patient data was compromised; there is still a question mark around lost employee data and details of how the attackers accessed the network.”
Read more on attacks targeting healthcare: Phishing Top Threat to US Healthcare
Enzo Biochem said that in response to the attack, it implemented containment measures according to its disaster recovery plan, including disconnecting the affected systems from the internet. The company also launched an investigation with the assistance of third-party cybersecurity experts and promptly notified law enforcement authorities.
Enzo Biochem said its operations had been maintained despite the attack, and its facilities remain open, enabling the continued provision of services to patients and partners.
At the same time, the company confirmed the ransomware attack has resulted in significant expenses, including costs related to incident response, remediation and investigation.
“Biotechnology companies, such as Enzo, are a critical component of the fight against cancer and other viral and bacterial diseases,” explained Sean McNee, vice president of research and data at DomainTools.
“Because this data is extremely sensitive, including people’s health information and SSNs, affected individuals will need to be vigilant in monitoring for possible online identity theft from this ransomware incident. People should check their credit reports for suspicious entries and also place freezes and fraud alerts on their accounts.”
The firm said it discovered the breach on April 11 2023, while the SEC Form 8-K was signed on behalf of Enzo Biochem by Hamid Erfanian, its chief executive officer, on May 30 2023.
Just weeks before the Enzo Biochem incident, NextGen Healthcare, a provider of electronic health record software, disclosed that its systems were compromised by hackers who successfully obtained the personal information of over one million patients.