Enzo Biochem, a New York-based biotech company, revealed that it suffered a ransomware attack in April, resulting in the compromise of test information and personal data of approximately 2.5 million individuals.
While the company was able to maintain operations, it discovered on April 11 that names, test information, and around 600,000 Social Security numbers were accessed and potentially exfiltrated from their IT systems.
Enzo Biochem promptly disconnected its systems, engaged cybersecurity experts, and informed law enforcement, but no ransomware group has claimed responsibility for the attack.
Enzo Biochem is currently conducting an investigation into the incident and expects to incur expenses related to remediation efforts. The CEO, Hamid Erfanian, acknowledged the ongoing risks and uncertainties stemming from the data that was accessed or exfiltrated, including potential regulatory scrutiny.
The company, known for being one of the pioneering biotechnology firms to go public, reported a revenue of $32.6 million in the 2022 fiscal year.
The breach at Enzo Biochem adds to the growing list of medical sciences companies experiencing patient data leaks due to ransomware attacks. Sun Pharmaceuticals, India’s largest pharmaceutical company, confirmed a similar incident involving data theft in March.
Additionally, a major pharmacy company recently announced a data breach compromising sensitive personal data of nearly six million individuals after being targeted by a ransomware group.
Other companies, such as NextGen Healthcare, Independent Living Systems, and Zoll, have also disclosed breaches involving the sensitive information of millions of patients in recent months.