"Getting blood work or medical testing should not result in patients having their personal and health information stolen by cybercriminals," the attorney general said at the time.
"Healthcare companies like Enzo that do not prioritize data security put patients at serious risk of fraud and identity theft. Data security is part of patient safety, and my office will continue to hold companies accountable when they fail to protect New Yorkers."
Enzo's credential hygiene was a particular point of concern, with genuine company credentials used to make the initial intrusion, shared among five employees.
The agreement mandated that Enzo make certain upgrades to its data protection systems, which had already been reported to the SEC as completed.
Collection
[
|
...
]