Enzo Biochem Reaches $4.5M Settlement with CT, NJ, and NY Over 2023 Data Breach

Cozen O'Connor
Contact
LinkedIn
Facebook
X
Send
Embed

Cozen O'Connor

  • The New York, Connecticut, and New Jersey AGs entered into settlements with biotechnology company Enzo Biochem, Inc. and its subsidiary Enzo Clinical Labs, Inc. (collectively, “Enzo”), to resolve allegations stemming from a 2023 data breach involving the personal information of more than 2.4 million individuals in violation of HIPAA security and notification requirements and the states’ consumer protection and data security laws.
  • According to the AG offices, Enzo—which provides diagnostic testing—failed to adequately safeguard patient information, leaving it vulnerable to a ransomware attack. Enzo’s alleged data security deficiencies included shared employee log-in credentials, and failure to use controls such as multi-factor authentication (MFA), encrypt sensitive patient information, adequately monitor user activity on its network, or conduct risk management analyses and security testing.
  • Under the terms of the settlements, Enzo will pay a combined $4.5 million in civil penalties to the three states and must take measures to strengthen its data security practices including implementing MFA for all users; establishing robust password policies; encrypting all personal information, whether stored or transmitted; conducting annual risk assessments; and developing a comprehensive incident response plan. Enzo must also undergo a comprehensive third-party assessment of its network’s information security within 180 days of the settlements and offer identity theft protection services to affected individuals.
Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Attorney Advertising.

© Cozen O'Connor

Written by:

Cozen O'Connor
Cozen O'Connor
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Cozen O'Connor on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide