Enzo Biochem: Ransomware Attack Exposes Clinical Data of 2.5M Patients – Global Village Space

Enzo Biochem, a biotechnology company based in New York, has confirmed that a ransomware attack has exposed the clinical test information of almost 2.5 million patients. The company, which manufactures and sells DNA-based tests to detect viral and bacterial diseases including COVID-19 and cancer, experienced the attack on April 6. Although it was able to remain operational by disconnecting its systems from the internet, Enzo discovered on April 11 that hackers were able to access and exfiltrate sensitive data from the company’s systems. This includes clinical test information of 2,470,000 individuals and approximately 600,000 Social Security numbers. The company is still investigating whether its employees’ information may have also been accessed.

Enzo CEO Hamid Erfanian said in an SEC filing that “The Company remains subject to risks and uncertainties as a result of the incident, including as a result of the data that was accessed or exfiltrated from the Company’s network. Additionally, security and privacy incidents have led to, and may continue to lead to, additional regulatory scrutiny. The Company is in the process of evaluating the full scope of the costs and related impacts of this incident.”

Enzo did not reveal how it was compromised or whether it received a ransom demand from the hacking group responsible. At the time of writing, it doesn’t appear any well-known ransomware group has claimed responsibility for the attack.

Enzo Biochem is the latest in a long line of medical companies to experience a breach of sensitive data in recent months. PharMerica, one of the largest pharmacy service providers in the United States, confirmed in May that hackers had stolen the personal data of 5.8 million current and deceased individuals, including Social Security numbers and medication and health insurance information. Earlier this week, Managed Care of North America (MCNA) Dental — one of America’s largest dental health insurers — confirmed that the personal information of almost nine million individuals had been compromised following a ransomware attack on its systems.

The rise in cyberattacks on medical companies is a cause for concern. The healthcare industry is particularly vulnerable to cyberattacks due to the large amount of sensitive data it holds. Medical records are a valuable commodity on the dark web, and cybercriminals can use this information for identity theft, insurance fraud, and other criminal activities.

Medical companies must take steps to protect their systems and data from cyberattacks. This includes implementing strong cybersecurity measures, such as firewalls, antivirus software, and intrusion detection systems. Companies should also conduct regular security audits and employee training to ensure that everyone is aware of the latest threats and how to prevent them.

In addition, medical companies should have a robust incident response plan in place in case of a cyberattack. This plan should include steps to contain the attack, assess the damage, and notify affected individuals and regulatory authorities. Companies should also have a backup system in place to ensure that data can be restored quickly in case of a ransomware attack.

The consequences of a cyberattack on a medical company can be severe. In addition to the financial costs of remediation and legal fees, companies can face reputational damage and loss of trust from patients and partners. Regulatory fines and lawsuits can also result from a data breach.

In conclusion, the Enzo Biochem ransomware attack highlights the need for medical companies to take cybersecurity seriously. With the rise in cyberattacks on the healthcare industry, companies must implement strong security measures, conduct regular audits and training, and have an incident response plan in place. By taking these steps, medical companies can protect their systems and data from cybercriminals and ensure that patient information remains secure.
