Violation of HIPAA Security Rule = Violation of NY SHIELD Act | Data Protection Report
Data Protection Report
|
Summary
On August 13, 2024, Enzo Biochem Inc. and its subsidiary Enzo Clinical Labs, Inc. settled with the New York, Connecticut, and New Jersey Attorneys General for a $4.5 million payment after a security incident in April 2023. The settlement followed findings that Enzo failed to implement security measures recommended in a 2021 vendor HIPAA risk assessment, leading to violations of both the HIPAA Security and Breach Notification Rules and New York’s SHIELD Act. Enzo did not admit liability as part of the settlement. This case emphasizes the importance of promptly addressing security vulnerabilities and indicates potential enforcement actions for HIPAA-covered entities under the SHIELD Act.