The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

BlackCat Ransomware Group Claims Responsibility for Attack on Henry Schein

The BlackCat (ALPHV) ransomware group has claimed responsibility for an attack on Henry Schein, a Fortune 500 distributor of dental and medical supplies and provider of practice management software and solutions for healthcare providers.

Henry Schein confirmed on October 15, 2023, that it had experienced a cybersecurity incident, which was detected on October 14, 2023. The incident affected a portion of its manufacturing and distribution business, which caused temporary disruption to its business operations. More than three weeks on, the company is still experiencing technical difficulties with its website and webshop. Third-party cybersecurity consultants have been engaged to investigate the breach and the data impact, and law enforcement has been notified. The incident is still being investigated; however, it has been determined that users of its client management software were unaffected.

In a November 13, 2023, notice to its customers, Henry Schein said “We do not have all the details of what data may have been compromised. Customer and personal (sic) identifiable information, such as bank account numbers, credit card numbers, and other sensitive information, may have been exposed to third parties.” Henry Schein has confirmed that complimentary credit monitoring and identity theft protection services will be offered to individuals who have had sensitive data exposed. Investors were informed that the attack primarily affected its dental and medical distribution operations in North America and Europe, and that it expects a $0.55 to $0.75 hit to its shares as a result of the breach.

According to the BlackCat group’s dark web data leak site, 35 terabytes of data were stolen in the attack, including payroll and shareholder data. The group claimed to have encrypted files and was negotiating with the company; just when the company had almost completed restoring its systems, the systems were encrypted again as negotiations failed. BlackCat also threatened to publish some of the company’s payroll and shareholder data. The listing has since been removed, indicating negotiations have resumed.

In a notification letter to the Maine Attorney General, Henry Schein said 29,112 individuals had been affected.

Ventura Orthopedics Notifies Patients About 2020 Ransomware Attack

Ventura Orthopedics in California has recently started notifying patients that some of their protected health information was compromised in a July 20, 2020, ransomware attack. According to the company’s substitute breach notice, the security breach was discovered in September 2020 when files on its network were encrypted. A ransom demand was received, but Ventura Orthopedics was able to recover the encrypted files from data backups so the ransom was not paid. At the time, the investigation indicated the attackers gained access to the information of a single patient, who was notified at the time.

Further investigation into the incident has revealed additional patients were also affected. The hackers gained access to the files of a single physician and his physician assistant. Those files included names, dates of birth, and drug and laboratory testing results from 2016, 2017, and 2018. Notification letters are now being sent to those individuals.

According to DataBreaches, the Maze ransomware group added the company to its leak site, and the Conti group later leaked the data of 1,850 individuals on its data leak site. DataBreaches tried to make contact with Ventura on several occasions and also filed a complaint with OCR about the incident, which OCR investigated. On September 13, 2023, the company said it had discovered additional data was involved, following a conference call with the site’s operator.

At present, the incident is not yet showing on the HHS’ Office for Civil Rights breach portal, and Ventura Orthopedics has not yet publicly disclosed how many individuals were affected.

PHI Exposed in Cyberattack on Edward C. Taylor, PhD

Edward C. Taylor, Ph.D., a provider of counseling and psychoeducational assessment services in Jacksonville, FL, has recently completed an investigation of a cyberattack. A security breach was detected on August 19, 2023, and third-party digital forensics specialists were engaged to investigate and determine the nature and scope of the incident. On or around October 5, 2023, it was confirmed that an unauthorized individual had gained access to its network for one day and exfiltrated files containing company information.

It was not possible to determine whether the stolen files contained any patient information; however, files were present on the compromised part of the network that included the protected health information of 6,684 patients. The exposed information included names, contact information, dates of birth, insurance information, information relating to mental health including clinical information, and diagnoses. Internal settings and controls have been updated and passwords changed to prevent similar breaches in the future.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
