Henry Schein Confirms 166,000 Individuals Affected By October 2023 Ransomware Attack
Henry Schein, a Melville, NY-based provider of medical and dental supplies and Fortune 500 firm, has continued to investigate a 2023 cyberattack that affected its manufacturing and distribution businesses. The cyber incident was a ransomware attack where files were restored only for them to be encrypted by the ransomware group a second time.
Initially, the investigation identified 29,112 individuals who had their data compromised in the attack, and notification letters started to be mailed to those individuals in November 2023. Since then, Henry Schein has been working with an outside expert to review the affected files – a process that has taken a considerable amount of time and resources and continued throughout the first half of the year.
In an updated breach notification to the Maine Attorney General, Henry Schein confirmed that 166,432 individuals are now known to have been affected and had their personal and protected health information exposed or stolen. The additional individuals are now being notified and have been offered complimentary credit monitoring and identity theft protection services for 24 months. The notification to the Maine Attorney General does not show the types of data compromised in the attack; however, they are detailed in the individual notifications being mailed to the affected individuals.
November 27, 2023: BlackCat Ransomware Group Re-encrypts Henry Schein Data
The BlackCat ransomware group conducted a ransomware attack on the Fortune 500 firm Henry Schein and claimed to have stolen 35 TB of sensitive data. The healthcare giant was engaged in ongoing discussions with the group but negotiations had stalled. According to a spokesperson for the BlackCat group, “We have not received any indication of their willingness to prioritize the security of their clients, partners, and employees, let alone protect their own network.” Just as Henry Schein was about to finish restoring its systems, the BlackCat hackers struck again and re-encrypted its data.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Henry Schein confirmed in an October 15, 2023, announcement that it had been forced to take some of its systems offline to contain a cyberattack that had affected its manufacturing and distribution businesses. According to the announcement, the attack occurred the previous day. The company had been working around the clock to resolve the situation and bring its systems online, and as its investigation progressed it became clear that the ransomware group had gained access to sensitive customer and supplier information. That information included personal information, bank account information, and payment card numbers. Around two weeks after Henry Schein announced the attack, the BlackCat ransomware group claimed responsibility and added Henry Schein to its data leak site.
Henry Schein has now confirmed that the second attack resulted in applications such as its e-commerce platform being made unavailable; however, Henry Schein anticipated a quick recovery from the attack and only expected it to cause short-term disruption. Following the attack, the BlackCat group threatened to publish internal payroll data on its data leak site within a few hours if Henry Schein refused to negotiate, and claimed additional data would be released on a daily basis thereafter. Instead of posting data, BlackCat removed the listing. That could mean Henry Schein has started negotiating again or that a ransom payment has been made. Entries on the data leak sites of ransomware groups are typically only removed if a ransom has been paid.
Henry Schein has recently confirmed that the personal information of 29,112 individuals was compromised in the attack, including names, financial account information or credit/debit card numbers combined with the security codes, access codes, passwords or PINs to access accounts. The attack resulted in its e-commerce platform being taken offline and while orders could still be processed, it appears that many customers have sought medical supplies from other providers as Henry Schein is offering 10% to 15% discounts through December in an effort to win back its lost customers.
