After facing a ransomware attack at the hands of hackers who breached its computer systems, Enzo Biochem is notifying nearly 2.5 million individuals that their protected health information (PHI) and Social Security numbers were compromised.
Enzo Biochem is a life sciences and molecular diagnostics company based in New York that provides clinical research services, and develops products such as DNA tests.
On May 30, the company filed documents with the Securities and Exchange Commission (SEC) to announce the breach, alerting the public that there were 2.47 million individuals across the US that were affected by the data breach, 600,000 of whom had personal identifiable information (PII) such as their Social Security numbers leaked. On April 6, the company confirmed that a ransomware attack had breached its external systems, and on April 11 it determined definitively what kind of data had been leaked, including names and testing information, and is now disclosing the incident publicly.
Though the company continues to operate, and its facilities are still open, it is implementing new measures to its disaster recovery plan and has launched an investigation with the help of cybersecurity experts in response to the attack.
"Identity PII and PHI data continues to be a high-demand target for malicious attackers. Disconnecting machines from outside access for the most part will not help against an already encrypted system or further prevent automatic propagation of malware," Roy Akerman, co-founder and CEO of Rezonate, noted in an emailed statement. "The attackers had potentially intended to compromise data and further leverage that for additional follow up attacks or sell in the Dark Web. As more information becomes available, we will be able to determine the root cause, intent, and complete impact."
It is still unknown as to whether or not employee data was affected by the breach.