An announcement of the transaction was shared on March 17th (read more). The transaction was completed on July 24, 2023.
Substitute Notice / Website Notice
Notice of Data Security Incident
Like many other companies that relied on MOVEit, and its developer, Progress Software, for secure file transfer services, Enzo’s MOVEit server was impacted by the zero-day vulnerability that allowed an unauthorized actor to exfiltrate files from its server.
Enzo utilized MOVEit to securely send test results to ordering healthcare providers. Once Enzo became aware of a potential issue, Enzo disabled its MOVEit server and began an investigation with assistance from a third-party cybersecurity firm. On July 18, 2023, the investigation determined that a small number of these files were accessed on May 31, 2023, as a result of this vulnerability. These files contained patient names, clinical test results, the names of ordering healthcare providers, and in a few instances, Social Security numbers.
This incident does not impact all patients - only certain patients who either received clinical tests between March 20, 2023 and May 30, 2023 or whose physician requested a copy of results during this time period were involved.
Enzo mailed letters to the affected patients and opened a dedicated assistance line to answer questions about this incident. Enzo is also offering complimentary credit monitoring and identity theft protection services to patients whose Social Security numbers were involved and is advising impacted patients to review their healthcare records for accuracy, as a best practice. If you believe you are affected by this incident and do not receive a letter by September 27, 2023, please call 833-627-2809, Monday through Friday, 9:00 a.m. to 9:00 p.m. Eastern, excluding some major U.S. holidays.
Enzo takes this event and the security of information in its care seriously. To prevent further issues, Enzo disabled its MOVEit server and moved to a different secure file transfer process.
Notice of Data Security Incident
Enzo Clinical Labs is committed to protecting the privacy and security of the information in our care. Regrettably, we recently had a cybersecurity incident that involved some of that information. This notice explains the incident and measures we have taken in response.
On April 6, 2023, we identified a ransomware incident on our computer network. We immediately took steps to secure our systems and began an investigation with the assistance of a cybersecurity firm. The investigation determined that an unauthorized party accessed files on our systems between April 4, 2023, and April 6, 2023.
The files contained patient names, dates of service, clinical test information, and, in some instances, Social Security numbers. Patient financial and payment information was not involved in this incident.
We are mailing letters to affected patients and offering complimentary credit monitoring and identity theft protection services to those whose Social Security numbers were involved. If you believe you are affected by this incident and do not receive a letter by July 5, 2023, please call our dedicated assistance line available at (866) 547-1115, Monday through Friday, 9:00 a.m.–6:30 p.m. Eastern Time.
Enzo takes this incident very seriously and regrets any inconvenience or concern this may cause those who are affected. To help prevent something like this from happening in the future, we have and will continue to take steps to enhance the security of our computer systems and the data we maintain.