Enzo Biochem, a New York-based biotechnology company, has confirmed that a ransomware attack exposed the clinical test information of almost 2.5 million patients.
Enzo, which manufactures and sells DNA-based tests to detect viral and bacterial diseases including COVID-19 and cancer, confirmed in an SEC filing this week that it experienced a ransomware attack on April 6. While it was able to remain operational by disconnecting its systems from the internet, Enzo said it discovered on April 11 that hackers were able to access and exfiltrate sensitive data from the company’s systems.
This includes clinical test information of 2,470,000 individuals and approximately 600,000 Social Security numbers, according to Enzo. The company added that it continues to investigate whether its employees’ information may have also been accessed.
“The Company remains subject to risks and uncertainties as a result of the incident, including as a result of the data that was accessed or exfiltrated from the Company’s network,” Enzo CEO Hamid Erfanian said in the SEC filing. “Additionally, security and privacy incidents have led to, and may continue to lead to, additional regulatory scrutiny. The Company is in the process of evaluating the full scope of the costs and related impacts of this incident.”
Enzo did not reveal how it was compromised or whether it received a ransom demand from the hacking group responsible, and company spokesperson Lynn Granito did not return TechCrunch’s request for comment. At the time of writing, it doesn’t appear any well-known ransomware group has claimed responsibility for the attack.
Enzo Biochem is the latest in a long line of medical companies to experience a breach of sensitive data in recent months. PharMerica, one of the largest pharmacy service providers in the United States, confirmed in May that hackers had stolen the personal data of 5.8 million current and deceased individuals, including Social Security numbers and medication and health insurance information.
Earlier this week, Managed Care of North America (MCNA) Dental — one of America’s largest dental health insurers — confirmed that the personal information of almost nine million individuals had been compromised following a ransomware attack on its systems.