New York prosecutors have reached a settlement with Enzo Biochem following a cyberattack on their medical laboratory in April 2023 that compromised the data of 2.4 million patients. The company was found negligent in their security measures and has agreed to pay a fine of $4.5 million.
The hackers exploited shared passwords among employees, with two sets of passwords being shared among five individuals for over a decade, and no system in place to monitor for unusual activity.
As part of the agreement, Enzo is required to strengthen password policies, enforce two-factor authentication, encrypt personal data, and improve their cybersecurity response plan for faster mitigation.
Source: Channel News Asia
TLDR: Enzo Biochem fined $4.5 million for security breach compromising 2.4 million patient records, agrees to improve cybersecurity measures.
Leave a Comment