Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Henry Schein. Show all posts

Henry Schein Data Breach: Healthcare Giant Reports Second Attack in Two Months


U.S. based healthcare company Henry Schein has confirmed another cyberattack this month conducted by threat actor ‘BlackCat/ALPHV’ ransomware gang. The company was previously attacked by the same group in October. 

Henry Schein

Henry Schein is a Fortune 500 healthcare products and services provider with operations and affiliates in 32 countries, with approximately $12 billion in revenue reported in 2022. 

It first made public on October 15 that, following a cyberattack the day before, it had to take some systems offline in order to contain the threat.

On November 22, more than a month later, the company announced that parts of its apps and the e-commerce platform had once more been taken down due to another attack that was attributed to the BlackCat ransomware.

"Certain Henry Schein applications, including its ecommerce platform, are currently unavailable. The Company continues to take orders using alternate means and continues to ship to its customers," the announcement said.

"Henry Schein has identified the cause of the occurrence. The threat actor from the previously disclosed cyber incident has claimed responsibility."

Today, the company released a statement, noting that it has restored its U.S. e-commerce platform and that it is expecting its platforms in Canada and Europe to be back online shortly. 

The healthcare services company is apparently still taking orders through alternate methods and distributing them to customers in the affected areas.

Henry Schein’s BlackCat Breach

Following the breach, the ransomware gang BlackCat added Henry Schein to its dark web leak forum, taking responsibility for breaching the company’s network. BlackCat notes that it has stolen 35 terabytes of the company’s crucial data. 

The cybercrime organization claims that they re-encrypted the company's devices while Henry Schein was about to restore its systems, following a breakdown in negotiations toward the end of October.

This would make the event this month the third time that BlackCat has compromised Henry Schein's network and encrypted its computers after doing so on October 15.

"Despite ongoing discussions with Henry's team, we have not received any indication of their willingness to prioritize the security of their clients, partners, and employees, let alone protect their own network," the threat actors said.

The ransomware group further warned of releasing their internal payroll data and shareholder folders to their collective blog by midnight. 

Initially discovered in November 2021, BlackCat is believed to have rebranded itself from the popular DarkSide/BlackMatter gang. DarkSide has earlier gained global recognition by initiating attacks on Colonial Pipelines, prompting extensive law enforcement probes.

Moreover, the FBI has linked the ransomware group to over 60 breaches, between November 2021 and March 2022, affecting companies globally.  

BlackCat Ransomware Claims Breach of Healthcare Giant Henry Schein

 


The BlackCat (ALPHV) ransomware gang says they successfully hacked into Henry Schein, a major healthcare company. They claim to have taken a large amount of data, including employee payroll and shareholder information. Henry Schein operates in 32 countries and made over $12 billion in revenue in 2022. Over the past few years, BlackCat has shown a noticeable rise in malicious activities. 

The group has been targeting various sectors such as healthcare, education, electricity, and natural gas in their recent attacks. According to an FBI FLASH report from April 2022, the BlackCat/ALPHV ransomware service had successfully breached at least 60 organizations globally by the close of March 2022. 

On October 15, Henry Schein on its official website revealed Henry Schein Provides Information on Cybersecurity Incident - Henry Schein that it had to temporarily shut down some of its systems in response to a cyberattack affecting its manufacturing and distribution divisions just the day prior. 

The company acted swiftly, implementing precautionary measures like temporarily disabling certain systems and other steps aimed at containing the incident. This proactive approach has resulted in a temporary disruption to some of Henry Schein's business operations. 

The company is actively working towards a swift resolution of the situation. Despite experiencing disruptions in certain business operations, Henry Schein reassures that its Henry Schein One practice management software remains unaffected. The company has taken proactive steps by notifying pertinent law enforcement agencies about the incident. Additionally, they have enlisted the expertise of external cybersecurity and forensics professionals to probe for any potential data breach resulting from the attack. 

In a letter issued a week subsequent to revealing the cyberattack, the healthcare services provider encourages its customers to place orders through their designated Henry Schein representative or by utilizing dedicated telesales phone numbers. 

About two weeks later, the BlackCat/ALPHV ransomware group posted on their dark web leak site, saying they hacked into Henry Schein's system and took 35 terabytes of important files. Additionally, The group said they locked up the company's devices again, even after Henry Schein had almost fixed everything because they could not agree on a deal.