Global healthcare distributor Henry Schein has escalated its October 15th “cyber incident” to a confirmed “data breach,” disclosing that sensitive information, including bank account and credit card details, has been compromised. Separate notices sent to both customers and suppliers on November 13th updated stakeholders on the ongoing investigation.
The notice acknowledges that customer and personal identifiable information (PII) like bank account and credit card numbers may have been exposed to third parties. Additionally, it confirmed the misuse of bank account information for a limited number of suppliers.
While the company continues to determine the full extent of compromised data, it has advised customers and suppliers to change passwords, enhance transaction authorizations, review recent debits, and activate security features like the “ACH Debit Block.”
The attack, attributed to the ALPHV/BlackCat ransom gang, disrupted Henry Schein’s website, impacting manufacturing and distribution operations. This prompted the shutdown of specific systems to contain the incident.
As a result, customers experienced disruptions in online orders, leading to supply chain delays. Despite the company’s engagement with cybersecurity experts and law enforcement, stakeholders reported a lack of updates beyond the initial statement.
Although initially termed a ‘cyber incident,’ the breach notice confirms ongoing investigations alongside plans to mail credit monitoring and identity protection forms to affected individuals.
The ransom group claimed possession of substantial internal data and threatened to publish stolen information, indicating potential employee and shareholder PII exposure.
Speculations arose when Henry Schein was removed from the ransom group’s leak site, hinting at potential ransom payment. The ALPHV/BlackCat gang, known for its extensive ransomware activities, operates on a ransomware-as-a-service model, having targeted various entities, causing significant financial losses.
Their tactics involve triple-extortion strategies, impacting companies like MGM Resorts, Caesars International, Clorox, Dole, NCR, Next Gen Healthcare, Seiko, Mazars Group, among others. The group’s activities are estimated to have incurred over $1 billion in lost revenue in 2023 and accounted for a significant portion of ransomware attacks in recent years.
