Penalty Amount
$4,500,000
Consumers Affected
2,400,000
Enzo Biochem, Inc. agreed to pay $4.5 million and strengthen its cybersecurity practices to settle allegations that deficient data security led to a ransomware attack exposing the health data of 2.4 million patients. The multistate enforcement action was led by New Jersey with New York and Connecticut.
Enzo must pay $4.5 million and implement a comprehensive information security program, including multi-factor authentication, strong passwords, encryption, annual risk assessments, and an incident response plan.
Entity
Enzo Biochem, Inc.
Also known as: Enzo Biochem
Industry
HealthcareOfficial Press Release
https://www.njoag.gov/attorney-general-platkin-and-multistate-coalition-secure-4-5-million-from-enzo-biochem-for-failing-to-protect-health-data/
2024 0813 Enzo NJ Consent Order DCA Executed
https://www.nj.gov/oag/newsreleases24/2024-0813_Enzo-NJ-Consent-Order-DCA-Executed.pdf
New Jersey Attorney General Enforcement Page
https://www.njoag.gov/about/divisions-and-offices/division-of-consumer-affairs/
$4.5M
New York Attorney General Letitia James, along with Connecticut and New Jersey attorneys general, secured a $4.5 million settlement from Enzo Biochem, Inc. for failing to protect patient health data, resulting in a ransomware attack that exposed personal information of approximately 2.4 million patients. Enzo agreed to pay the penalty and implement enhanced cybersecurity measures.
$4.5M
Connecticut Attorney General William Tong, along with New York and New Jersey attorneys general, secured a $4.5 million settlement from Enzo Biochem, Inc. for failing to protect patient health data, resulting in a ransomware attack that compromised 2.4 million patients' information. Enzo must pay the fine and implement enhanced cybersecurity measures including multi-factor authentication and annual risk assessments.
A former employee of the New Jersey Department of Children and Families was indicted for allegedly leaking confidential child protection case information in exchange for bribes. The defendant, Susaida Nazario, misused her access to provide case details to an unauthorized individual, compromising sensitive children's data.
New Jersey Attorney General Matthew Platkin announced that New Jersey is joining a coalition of 22 states in suing Uber for deceptive practices related to its Uber One subscription service. The lawsuit alleges that Uber enrolled consumers without their knowledge and made cancellation extremely difficult, seeking restitution, penalties, and an injunction under New Jersey's Consumer Fraud Act and the Restore Online Shoppers' Confidence Act.
New Jersey Attorney General Matthew Platkin is leading a bipartisan coalition of 42 attorneys general in sending a letter to 13 tech companies, demanding that they implement safeguards for their AI chatbots to prevent harmful interactions such as sexually explicit conversations with children, encouraging self-harm, and spurring violence, following reports of serious incidents including deaths and self-harm.
The New Jersey Division of Consumer Affairs sent warning letters to over 3,000 auto dealerships reminding them of the state's data deletion law, which requires dealerships to offer to delete personal data from vehicles when accepting them for resale or lease. Failure to comply can result in fines of $500 for first offenses and $1,000 for subsequent offenses, aimed at preventing unauthorized access to sensitive consumer information stored in vehicle infotainment systems.