Enzo Clinical Labs Facing Class Action Over 2023 Data Breach Impacting 2.5M Patients

New to ClassAction.org? Read our Newswire Disclaimer

A proposed class action alleges negligence on the part of Enzo Biochem and subsidiary Enzo Clinical Labs is to blame for an April 2023 data breach that exposed the private data of nearly 2.5 million patients.

Want to stay in the loop on class actions that matter to you? Sign up for ClassActon.org’s free weekly newsletter here.

The 48-page lawsuit says that Enzo Biochem, a New York-based molecular diagnostics company, and Enzo Clinical Labs, a full-service clinical reference laboratory, discovered on April 6 of this year that they had fallen victim to a ransomware attack. During the incident, an unauthorized actor gained access to files containing the names, clinical test information and Social Security numbers of patients and clients’ patients, the filing states.

The cyberattack, which reportedly took place between April 4 and 6, 2023, was a direct result of Enzo’s failure to properly safeguard consumers’ data by implementing reasonable cybersecurity procedures, the case contends.

“Had Enzo remedied the deficiencies in its information storage and security systems, followed industry guidelines, and adopted security measures recommended by experts in the field, it could have prevented intrusion into its information storage and security systems and, ultimately, the theft of Plaintiff’s and Class Members’ confidential Private Information,” the filing states.

The plaintiff, a New York resident who claims to be unaware of how and when Enzo gained access to her private information, says she received around May 31 a “vaguely worded” notice letter from the defendant informing her of the ransomware attack. According to a notice Enzo filed with the U.S. Securities and Exchange Commission on May 30, approximately 600,000 of the 2,470,000 total victims had their Social Security numbers stolen in the breach, although “the assessment of its impact is ongoing,” the suit relays.

Per the case, the company has offered no assurance that it has adequately enhanced its data security practices in the wake of the breach or that the compromised data has been recovered or destroyed.

Notably, Enzo has yet to offer any complimentary credit monitoring or other remedial assistance to data breach victims, who now face a significant, long-lasting risk of identity theft and various other forms of personal, social and financial harm, the complaint emphasizes.

“Enzo knew or should have known that its electronic records would be targeted by cybercriminals,” the case reads, claiming that the defendant was on notice that companies in the healthcare industry are particularly suspectable to data breaches due to the highly sensitive—and therefore valuable—nature of the information they store.

The lawsuit looks to represent anyone whose private information was actually or potentially accessed or acquired during the data breach for which Enzo Clinical Labs provided notice to the plaintiff and other class members beginning on or around May 31, 2023.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.