Enzo Clinical Labs, Inc.

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

In April 2023, Enzo Clinical Labs, Inc., a subsidiary of Enzo Biochem, experienced a significant data breach due to a ransomware attack. This incident exposed the private data of nearly 2.5 million patients, making it one of the largest healthcare data breaches of the year. The compromised data included names, clinical test information, and Social Security numbers of patients and clients. Approximately 600,000 of the affected individuals had their Social Security numbers stolen. The breach occurred between April 4 and 6, 2023, and was discovered by the company on April 6. Enzo Biochem reported the incident to the Securities and Exchange Commission on May 30, 2023.

The breach has led to a class action lawsuit against Enzo Biochem and Enzo Clinical Labs, alleging negligence in failing to implement adequate cybersecurity measures to protect sensitive patient information. The lawsuit claims that the company did not follow industry guidelines or adopt recommended security measures, which could have prevented the cyberattack. As a result, affected individuals now face a significant risk of identity theft and other forms of personal, social, and financial harm. Despite the breach, Enzo has not offered complimentary credit monitoring or other remedial assistance to the victims.

Enzo Biochem is subject to the Health Insurance Portability and Accountability Act (HIPAA) as it operates a clinical laboratory and has direct patient relationships. The company is expected to report the breach to the Department of Health and Human Services (HHS) and notify all affected individuals, as required by the HIPAA Breach Notification Rule. The aftermath of the breach is likely to be costly for Enzo, including expenses related to business interruption, cyber investigation fees, legal expenses, notifying affected patients, and defending against a HIPAA investigation and multiple lawsuits[1][3][5][7].

Citations:

  1. https://www.classaction.org/news/enzo-clinical-labs-facing-class-action-over-2023-data-breach-impacting-2.5m-patients
  2. https://www.labcorp.com
  3. https://thehipaaetool.com/enzo-biochem-hit-with-ransomware/
  4. https://www.sandia.gov
  5. https://insideinvestigator.org/medical-lab-data-breach-exposes-millions-of-patients-data-across-states/
  6. https://www.astrazeneca.com
  7. https://shublawyers.com/news/enzo-biochem-lawsuit/
  8. https://hcahealthcare.com
  9. https://www.linkedin.com/pulse/enzo-biochem-inc-sued-ransomware-data-breach-joe-brunner
  10. https://www.tribuneindia.com
  11. https://techcrunch.com/2023/06/01/enzo-biochem-says-ransomware-attack-exposed-clinical-test-data-of-2-5-million-patients/
  12. https://www.storyblocks.com
  13. https://news.bloomberglaw.com/privacy-and-data-security/labcorp-enzo-biochem-sued-over-ransomware-attack-on-health-data
  14. https://consensys.io
  15. https://therecord.media/clinical-test-data-of-enzio-biochem-stolen
  16. https://www.cummins.com
Breach Submission Date Aug 31, 2023
Converted Entity Name Enzo Clinical Labs, Inc.
Converted Entity Type Healthcare Provider
State NY
Individuals Affected 1,700
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes