Enzo Biochem Confirms Data Breach Impacting Nearly 2.5M Individuals

June 07, 2023 - New York-based Enzo Biochem confirmed in a recent Securities and Exchange Commission (SEC) filing that an April 2023 ransomware attack resulted in the potential exposure of information pertaining to nearly 2.5 million individuals.

The molecular diagnostics company experienced a ransomware attack on April 6 that impacted certain information technology systems. Following the discovery, Enzo said it immediately disconnected its systems from the internet, notified law enforcement, and engaged a cybersecurity firm. The company continued to remain open and provide services to patients throughout the response.

Enzo is still investigating the scope of the incident, but has determined unauthorized access or acquisition of clinical test information belonging to 2,470,000 individuals. Of those individuals, 600,000 also had their Social Security numbers involved.

“The Company has incurred, and may continue to incur, certain expenses related to this attack, including expenses to respond to, remediate and investigate this matter. Further, the Company remains subject to risks and uncertainties as a result of the incident, including as a result of the data that was accessed or exfiltrated from the Company’s network as noted above,” the SEC filing stated.

“Additionally, security and privacy incidents have led to, and may continue to lead to, additional regulatory scrutiny. The Company is in the process of evaluating the full scope of the costs and related impacts of this incident.”

MedInform Breach Impacts Cleveland Clinic Patients

MedInform, an Ohio-based company that provides accident recovery and itemization solutions to hospitals, suffered a data breach that impacted 14,453 individuals, including Cleveland Clinic patients. MedInform is a business associate of Cleveland Clinic.  

MedInform discovered suspicious activity within its systems on December 21, 2022, and later determined that an unauthorized party had accessed its systems between December 5 and December 21. The unauthorized party potentially accessed patient names, Social Security numbers, financial account information, addresses, and medical billing information.

The company said it moved quickly to contain the incident, notify hospital system clients, and assess network security.

“As part of our ongoing commitment to information security, we reviewed existing policies and procedures, enhanced certain administrative and technical controls, and provided additional security training to reduce the likelihood of a similar future event,” the notice stated.

UI Community HomeCare Suffers Breach, 68K Impacted

UI Community HomeCare, a subsidiary of the University of Iowa Health System, suffered a healthcare data breach that impacted 67,897 individuals. UI Community HomeCare discovered encrypted files on its systems on March 23, 2023 and promptly launched an investigation.

The information involved in the breach may have included names, dates of service, dates of birth, addresses, phone numbers, health insurance information, billing and claims information, medical histories, diagnoses, medical record numbers, and referring physicians.

UI Community HomeCare encouraged impacted individuals to closely monitor “Explanation of Benefits” sent by insurance companies and to report any suspicious activity. The organization said it had “no evidence of misuse of any information related to this incident.”

“UI Community HomeCare understands the serious nature of any potential breach – no matter how limited – so it has conducted a thorough investigation, identified, and mitigated the risks, and strengthened its security oversight efforts to minimize the likelihood of a similar occurrence,” the notice stated.

“UI Community HomeCare values patient privacy and deeply regrets any inconvenience this may have caused patients and their families.”