Global healthcare distributor Henry Schein has upgraded its October 15th “cyber incident” to a full-blown “data breach,” warning suppliers and customers that sensitive data such as bank account and credit card information have been compromised.
The company sent out separate notices to both customers and suppliers on November 13th with updated details about the unfolding cyber investigation.
“Henry Schein is now aware that a data breach has occurred,” the notice states.
“Customer and personal [sic] identifiable information [PII] such as bank account numbers, credit card numbers, and other sensitive information may have been exposed to third parties,” the company said.
The notice to suppliers was much more serious as the company confirmed "the bank account information for a limited number of suppliers was misused."
Unfortunately, the notice also stated that the global health technology and product distributor was still determining exactly “what data may have been compromised,” implying there could be more revelations for the entities and individuals involved.
As a precautionary measure, Henry Schein is encouraging all its customers and suppliers to:
- Change the passwords of bank and credit card accounts.
- Enhance account transaction authorization.
- Reviewing recent debits for any suspicious activity.
Additionally, all suppliers were urged to take the following two actions to eliminate the risk of an unauthorized debit:
- Turn on the "ACH Debit Block" feature in your bank account.
- Require an additional level of authentication before funds can be debited from your account.
The company says it has "already separately addressed those impacted."
The Henry Schein attack – claimed by the ALPHV/BlackCat ransom gang – disrupted the company’s website and “a portion of its manufacturing and distribution operations,” forcing IT teams to take “certain systems offline to contain the incident,” a Henry Schein statement said at the time.
Meantime, Henry Schein customers have complained of having to complete orders by phone instead of online, causing delays in the supply chain.
Customers say they were left in the dark and that Henry Schein provided no other updates on the situation other than its original statement.
The New York-based health distributor had stuck to labeling the event as a ‘cyber incident’ until now, even after the ALPHV/BlackCat ransom gang had posted Henry Schein on its dark leak site.
“We have been working with leading external cybersecurity and forensic experts, as well as law enforcement, to investigate the incident,” the breach notice stated.
The company said they would be mailing credit monitoring and identity protection enrollment forms to all affected persons over the next few weeks.
ALPHV/BlackCat targets Henry Schein
The Russian-linked gang claimed to have exfiltrated 35 terabytes of sensitive data from the firm, threatening to publish the stolen data on November 3rd.
At one point, the group boasted it possessed a portion of Henry Schein’s “internal payroll data and shareholder folders,” which implies employee and shareholder PII may have been compromised as well.
On November 2nd, the ransom group posted on its blog that it had re-encrypted the company’s systems due to an apparent breakdown of negotiations.
Days later, Henry Schein was taken off of the ALPHV/BlackCat leak site, leading to speculation that the company has paid off the attackers.
ALPHV/BlackCat ransomware was first observed in 2021 and is known to operate as a ransomware-as-a-service (RaaS) model by selling malware subscriptions to criminals.
The Russian-affiliated gang carried out more than 200 ransom attacks in the first half of 2023 alone, according to a September report by Trend Micro, and is said to be responsible for approximately 12% of all attacks in 2022.
The group has easily caused over $1 billion in lost corporate revenue in 2023, according to security insiders.
Known for its triple-extortion tactics, the gang was responsible for the September ransomware attacks on the Las Vegas casino giants MGM Resorts, as well as Caesars International, who is rumored to have paid a $15 million ransom to keep operations running.
More from Cybernews:
TOC label:TOC id: #
Subscribe to our newsletter