The investigation uncovered that Enzo Biochem practiced poor credential hygiene and allowed shared user credentials across employees, leading to the initial ransomware attack. Disturbingly, one credential hadn't been updated in a decade, contributing to the breach.
Enzo's failure to implement multi-factor authentication meant staff could access email without additional security checks, further escalating the risks associated with their cybersecurity protocols.
Despite being aware since 2021 of the need to protect sensitive patient data, Enzo Biochem did not encrypt all records at rest, resulting in the exposure of vast amounts of personal information during the attack.
This case highlights systemic cybersecurity failings, including inadequate risk evaluation and lack of encryption on key IT systems, leading to an unnecessary breach affecting over 2.4 million individuals.
Collection
[
|
...
]