Schein warns cyber hit possibly exposed customer, supplier data

Computer Keyboard Shadow Cyberattack

Henry Schein informed customers and suppliers in the U.S. on November 13 that the cyber strike that kept its operations incapacitated for about a month may have exposed sensitive data, including bank account and credit card numbers to third parties.

As a precaution, consumers and suppliers are encouraged to change bank and credit card account passwords, review their accounts for suspicious activity, and enhance account transaction authorizations. Additionally, free credit monitoring and identity protection services will be provided, where applicable, to those affected by any data breach, according to the letters.

“We deeply apologize for the inconvenience that this incident has caused, as always, we thank you for your support," according to letters the company sent to consumers and suppliers in the U.S.

Furthermore, the dental and medical distributor’s e-commerce site is now fully functional. The site had been offline since the cybersecurity incident on October 14. Henry Schein’s distribution businesses were operational on November 13.

Also, on November 13, Henry Schein announced that the cyberattack is expected to hurt its sales for 2023. The company’s full-year 2023 sales are expected to be approximately 1% to 3% lower than its total sales in 2022.

On November 2, the ransomware squad BlackCat, also known as ALPHV, claimed on a leak site on the dark web that it had breached Henry Schein’s network and looted 35TB -- 1TB is equivalent to about 200,000 five-minute songs -- of sensitive data, which included payroll and shareholder information. Also, BlackCat threatened to start dumping the stolen data.

Nevertheless, the gang, a ransomware as a service (RaaS) organization, alleged that its negotiations with the company failed so it re-encrypted the healthcare giant’s devices again just as Henry Schein was close to restoring its systems. Not long after the cybercriminals claimed responsibility for the attack, its post on a leak site was deleted. The deletion of the post was a possible indication that Henry Schein had paid the ransom or that negotiations between the groups had resumed.  

 

Page 1 of 74
Next Page