Item 8.01 Other Events.
As
previously disclosed, on April 6, 2023, Enzo Biochem, Inc. (the “Company”) experienced a ransomware attack that impacted certain
information technology systems. In response, the Company promptly deployed containment measures, including disconnecting its systems from
the internet, launched an investigation with assistance from third-party cybersecurity experts, and notified law enforcement. The Company
adhered to its disaster recovery plan, which enabled it to maintain operations throughout the incident response process. The Company’s
facilities are open, and it continues to provide services to its patients and partners.
On
April 11, 2023, the Company became aware that certain data, including names, test information, and Social Security numbers, was accessed,
and in some instances, exfiltrated from the Company’s information technology systems as part of this incident. The investigation
of this incident and the assessment of its impact is ongoing. However, the Company identified unauthorized access to or acquisition of
clinical test information of approximately 2,470,000 individuals. The Social Security numbers of approximately 600,000 of these individuals
may also have been involved. The Company is evaluating whether its employees’ information may have been involved. The Company will
provide notice to the individuals whose information may have been involved, as well as to regulatory authorities, in accordance with applicable
law.
The
Company has incurred, and may continue to incur, certain expenses related to this attack, including expenses to respond to, remediate
and investigate this matter. Further, the Company remains subject to risks and uncertainties as a result of the incident, including as
a result of the data that was accessed or exfiltrated from the Company’s network as noted above. Additionally, security and privacy incidents
have led to, and may continue to lead to, additional regulatory scrutiny. The Company is in the process of evaluating the full scope of
the costs and related impacts of this incident.
For further information regarding the risks associated with cyber security incidents and disruptions to our operations,
please see “Risk Factors” in the Company’s Annual Report on Form 10-K for the fiscal year ended July 31, 2022.
Forward-Looking
Statements
This
Current Report on Form 8-K includes statements which may constitute forward-looking statements made pursuant to the safe harbor provisions
of the Private Securities Litigation Reform Act of 1995, the accuracy of which are necessarily subject to risks, uncertainties, and assumptions
as to future events that may not prove to be accurate. These statements include, but are not limited to, express or implied forward-looking
statements relating to our expectations regarding our ability to contain and assess the ransomware attack and the impact of the ransomware
attack on our operations and financial results. These statements are neither promises nor guarantees, but are subject to a variety of
risks and uncertainties, many of which are beyond our control, which could cause actual results to differ materially from those contemplated
in these forward-looking statements. Factors that could cause actual results to differ materially from those expressed or implied include
the ongoing assessment of the ransomware attack, legal, reputational and financial risks resulting from cyberattacks, including the ransomware
attack, the effectiveness of business continuity plans during the ransomware attack, and the other factors discussed in our most recent
Annual Report on Form 10-K and other filings with the Securities and Exchange Commission. The Company undertakes No obligation to
update or revise any forward-looking statements, whether as a result of new information, future events, or otherwise, except as may be
required under applicable securities law.