Enzo Biochem, a New York-based biotech company, has confirmed that a ransomware attack exposed the clinical testing information of nearly 2.5 million patients.
Enzo, which makes and sells DNA-based tests to detect viral and bacterial diseases, including COVID-19 and cancer, confirmed in an SEC filing this week that it suffered a ransomware attack. April 6. While he was able to stay operational by disconnecting his systems from the Internet, Enzo said he discovered on April 11 that hackers were able to access and exfiltrate sensitive data from company systems.
That includes clinical test information for 2,470,000 people and about 600,000 social security numbers, according to Enzo. The company added that it was continuing to investigate whether its employees’ information had also been accessed.
“The company remains subject to risks and uncertainties as a result of the incident, including due to data that has been accessed or exfiltrated from the company’s network,” Enzo CEO Hamid Erfanian said. in the SEC filing. “In addition, security and privacy incidents have resulted in, and may continue to result in, additional regulatory scrutiny. The Company is in the process of assessing the extent of the costs and related impacts of this incident. »
Enzo did not reveal how he was compromised or whether he received a ransom demand from the hacking group responsible, and company spokesperson Lynn Granito did not return TechCrunch’s request for comment. As of this writing, it does not appear that any well-known ransomware group has claimed responsibility for the attack.
Enzo Biochem is the latest in a long line of medical companies to have suffered a sensitive data breach in recent months. PharMerica, one of the largest pharmaceutical service providers in the United States, confirmed in May that hackers stole the personal data of 5.8 million current and deceased people, including social security numbers and information. on drugs and health insurance.
Earlier this week, Managed Care of North America (MCNA) Dental – one of the largest dental insurers in the United States – confirmed that the personal information of nearly nine million people had been compromised following a ransomware attack on its systems.