New York Attorney General Letitia James announced on Tuesday that Enzo Biochem (NYSE: ENZ) agreed to pay $4.5 million and improve its data security practices for failing to prevent a 2023 cyberattack.
Ransomware attack exposes personal information and the private messages of approximately 2.4 million patients, including 1.4 million New Yorkers. James added that her state will receive $1.8 million from the grant.
Connecticut and New Jersey, two other states where Enzo Biochem (ENZ) operates, will receive the remaining payments.
The attorney general’s office investigated the incident and reached a settlement. Investigators discovered that criminals used login credentials shared by five Enzo Biochem (ENZ) employees to access the company’s systems.
However, with no systems or processes in place to monitor suspicious activity, ENZ did not detect the attack until several days later. “Healthcare companies like Enzo do not prioritize data security, putting patients at serious risk for fraud and identity theft,” James said.