NEW YORK – Enzo Biochem reported Tuesday that clinical test data from about 2.5 million patients and Social Security numbers from about 600,000 had been accessed in a breach of the company's network security.
In a report filed Tuesday with the US Securities and Exchange Commission, the Farmingdale, New York-based firm said it discovered the breach following a ransomware attack launched April 6. The company said it responded to the attack by disconnecting its network from the internet, investigating with the help of third-party experts, and notifying law enforcement. While the firm has been able to continue operations, it has incurred expenses related to remediating and investigating the attack, it said.
"The company will provide notice to the individuals whose information may have been involved as well as to regulatory authorities, in accordance with applicable law," it said.
Enzo did not disclose any further details about the amount or nature of its financial losses except that it was "evaluating the full scope of the costs and related impacts of this incident." A spokesperson said the company would decline to comment beyond the SEC filing.
In March, the firm said it had reached a $146 million deal to sell its clinical laboratory division to Labcorp.