Penalty Amount
$4,500,000
New York Attorney General Letitia James, along with Connecticut and New Jersey attorneys general, secured a $4.5 million settlement from Enzo Biochem, Inc. for failing to protect patient health data, resulting in a ransomware attack that exposed personal information of approximately 2.4 million patients. Enzo agreed to pay the penalty and implement enhanced cybersecurity measures.
Enzo must pay $4.5 million and adopt a comprehensive information security program with measures such as multi-factor authentication, strong passwords, encryption, annual risk assessments, and an incident response plan.
Entity
Enzo Biochem, Inc.
Also known as: Enzo Biochem
Industry
HealthcareOfficial Press Release
https://ag.ny.gov/press-release/2024/attorney-general-james-secures-45-million-biotech-company-failing-protect-new
enzo biochem aod 2024
https://ag.ny.gov/sites/default/files/settlements-agreements/enzo-biochem-aod-2024.pdf
New York Attorney General Enforcement Page
https://ag.ny.gov/press-releases
$4.5M
Enzo Biochem, Inc. agreed to pay $4.5 million and strengthen its cybersecurity practices to settle allegations that deficient data security led to a ransomware attack exposing the health data of 2.4 million patients. The multistate enforcement action was led by New Jersey with New York and Connecticut.
$4.5M
Connecticut Attorney General William Tong, along with New York and New Jersey attorneys general, secured a $4.5 million settlement from Enzo Biochem, Inc. for failing to protect patient health data, resulting in a ransomware attack that compromised 2.4 million patients' information. Enzo must pay the fine and implement enhanced cybersecurity measures including multi-factor authentication and annual risk assessments.
New York Attorney General Letitia James, joined by 16 other states, sued the U.S. Department of Education over a new survey requiring colleges to submit extensive student data, arguing it violates the Administrative Procedure Act and threatens student privacy. The lawsuit seeks to block the mandate and prevent penalties for non-compliance.
New York Attorney General Letitia James sent a letter to Instacart demanding information about its algorithmic pricing practices after a study revealed significant price differences for the same products. The AG warns that Instacart may be violating the New York Algorithmic Pricing Disclosure Act by failing to clearly disclose the use of personal data for price setting.
$500K
New York Attorney General Letitia James secured a $500,000 settlement from OrthopedicsNY, LLP for failing to implement reasonable data security practices, which led to a cyber-attack stealing sensitive personal and health information of over 650,000 patients and employees. The settlement imposes penalties, requires funding for credit monitoring, and mandates enhanced security measures including multi-factor authentication and encryption.
$5.1M
Illuminate Education, Inc. experienced a data breach in 2022 that exposed personal information of millions of students due to inadequate security measures. A multistate investigation by New York, California, and Connecticut Attorneys General resulted in a $5.1 million settlement requiring Illuminate to enhance cybersecurity practices and pay penalties.