The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Clinical Test Data of 2.5 Million Individuals Stolen in Enzo-Biochem Ransomware Attack

Posted By on Jun 2, 2023

The Farmingdale, NY-based biotech and diagnostics company, Enzo Biochem, has recently confirmed in an 8-K filing with the Securities and Exchange Commission that the clinical test information of 2.470,000 patients was compromised in an April 6, 2023, ransomware attack. Enzo Biochem said prompt action was taken to contain the attack when the breach was detected, and while the incident caused disruption to business operations, all of its facilities continued to provide services to patients and partners.

Enzo Biochem provides treatments for cancer, metabolic, and infectious diseases as well as testing services for a variety of transmissible diseases such as COVID-19 and STDs. On April 11, 2023, Enzo Biochem determined that data related to the provision of those services was accessed, and in some cases exfiltrated, from its systems. The stolen data included names, test information, and for approximately 600,000 individuals, Social Security numbers.  Enzo Biochem is still investigating to determine if employee information was also compromised.

Enzo Biochem said it has incurred and may continue to incur expenses related to the incident and is in the process of evaluating the full financial impact of the ransomware attack. Enzo Biochem has confirmed that affected individuals will be notified by mail if their information has been deleted and the incident will be reported to appropriate regulatory authorities.

Medford Radiology Group Investigating Memorial Day Weekend Cyberattack

Medford Radiology Group in Oregon is recovering from a cyberattack that occurred over the Memorial Day weekend. The attack occurred in the early hours of Friday morning and prevented access to medical images. The attack is still being investigated to determine the nature and scope of the breach and the extent to which patient data may have been compromised.  Medford Radiology Group said this was a “significant cybersecurity incident.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Third-party cybersecurity experts are investigating the breach and are assisting with the response and all available resources are being used to ensure radiology services and patient care continues to be provided. While the investigation is still in the early stages, Medford Radiology believes the incident was limited to its internal systems and its outside partners have not been affected.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist