"DNA Diagnostic Center fined $400,000 for 2021 data breach"

DNA Diagnostics Center, a DNA testing company, will pay a penalty of $400,000 to the attorneys general of Pennsylvania and Ohio for a data breach in 2021 that affected 2.1 million individuals nationwide. According to a settlement deal with the states’ attorneys general, the company will also be required to implement improvements to its data security, including updating the asset inventory of its entire network and disabling or removing any identified assets that are not necessary for any legitimate business purpose. Founded in 1995, DNA Diagnostics Center is a private DNA-testing company that offers diagnostic and genetic tests to help answer relationship, fertility, and health and wellness questions. The hacking incident involved legacy data from Orchid Cellmark, which the company had acquired in 2012 to expand its business portfolio. The court documents noted that, specifically, the breach involved databases that were not used for business purposes but were provided to DNA Diagnostics Center as part of the 2012 acquisition of Orchid Cellmark. The stolen data included records between 2004 and 2012. The joint investigation by Ohio and Pennsylvania found that DNA Diagnostics Center made unfair and deceptive statements about its cybersecurity and failed to employ reasonable measures to detect and prevent a data breach, exposing its consumers to harm. The breach exposed the Social Security numbers and other personal data of about 33,300 consumers in Ohio and about 12,600 in Pennsylvania. DNA Diagnostics Center will pay a $200,000 HIPAA fine to Ohio and a $200,000 HIPAA penalty to Pennsylvania.

 

CSO reports: "DNA Diagnostic Center fined $400,000 for 2021 data breach"

Submitted by Anonymous on