Henry Schein reveals scope of data stolen by attackers

Henry Schein, a healthcare tech and product distribution business, informed nearly 30K employees about the scope of its recent data breach, revealing that virtually all their personal details were exposed.

Henry Schein continues to struggle with operations after it announced the ALPHV/BlackCat ransomware attack on the company in October. Now, it has revealed how the attack may have impacted its employees.

Information that Henry Schein submitted to the Maine Attorney General says that 29,112 individuals were affected in the breach. A sample of the letter the company sent to impacted individuals implies that most of those contacted are employees of the company or its subsidiaries.

However, the total number of people exposed via the ransomware attacks could be higher. For example, the company said it would contact employee’s dependents separately.

The scope of exposed data is remarkable. According to the breach notification letter, attackers accessed “personal information” about the employees that the company stores on its systems. Such information includes:

  • Names
  • Addresses
  • Phone numbers
  • Photographs
  • Dates of birth
  • Demographic and background information
  • Government-issued ID numbers (e.g., Social Security numbers, driver’s licenses or state identification numbers, passport numbers)
  • Financial information (e.g., bank account information, credit card number, loans)
  • Medical history
  • Treatment and insurance information
  • Details of employment at the Company (e.g., job title, compensation),
  • IP address

“The personal information that may have been impacted by the incident depends on, among other things, the particular information you have provided to the Company,” Henry Schein’s breach notification reads.

While the ransomware attack against the company was revealed in mid-October, its fallout continues to plague Henry Schein. Earlier this week, the Russia-linked ransomware operators called out the healthcare solutions giant – once again – for lack of “professionalism.”

Accompanying the gang’s rant is a 14-piece sample of the alleged 35TB of sensitive information ALPHV/BlackCat claims to have exfiltrated from Henry Schein servers. To add insult to injury, the gang posted a copy of a cybersecurity report detailing the events from the October ransomware attack, dated November 17th, 2023.

The report was done by a digital forensic expert and incident response and recovery firm hired by Henry Schein in the wake of the attack. The gang’s showcasing of the report is meant to intimidate the company, demonstrating that they can penetrate its defenses even after the initial attack.

ALPHV/BlackCat is among the most notorious operational ransomware cartels. According to Ransomlooker, the Cybernews’ ransomware monitoring tool, ALPHV was among the most active gangs in the last 12 months, victimizing over 320 organizations worldwide.

More from Cybernews:

Green Card Lottery agency exposes applicants’ data

Podcast: should we use AI to try to find aliens?

Thai threat actor named after folklore spirit

Meta finally rolls out default end-to-end encryption for Messenger

Nine in ten energy firms suffered supplier data breach

Subscribe to our newsletter

Leave a Reply

Your email address will not be published. Required fields are markedmarked