Henry Schein reports cybersecurity incident, BlackCat hackers claim responsibility

Henry Schein, Inc. reports that a segment of its manufacturing and distribution operations encountered a cybersecurity incident. In response, Henry Schein took precautionary measures, including temporarily disabling systems and implementing containment procedures, resulting in a temporary disruption of some of its business activities.

The company is actively working to resolve this situation.

Henry Schein has determined that the practice management software used by its clients remains unaffected by this incident.

No further details are available regarding possible breached data or the nature of the incident.

To address the situation, the company has enlisted the assistance of external cybersecurity and forensic information technology experts. These experts are aiding in the investigation of any potential data impact and guiding the company's response. Additionally, Henry Schein has reported the incident to relevant law enforcement authorities.

Update - on 2nd November 2023 BlackCat/ALPHV ransomware syndicate claims that they infiltrated Henry Schein's network, and stole over 35 TB of confidential files. They allege that they re-encrypted the company's systems just as recovery efforts were nearing completion due to what they suggest was a breakdown in negotiations.

They threatened to publicly disclose sections of the internal payroll documentation and shareholder data and asserted they would persist in releasing data incrementally. However, the listing of Henry Schein on BlackCat's leak site was later removed, which may suggest renewed dialogue or a possible settlement of the ransom demand.

On 13th November 2023 Henry Schein confirmed the data breach and said bank account and credit card numbers may have been exposed.

On 22nd of November 2023 Henry Schein is once again restoring systems after a ransomware group that targeted the company claimed it re-encrypted files when negotiations stalled. Henry Schein informed customers that its applications, including its ecommerce platform, had become unavailable as a result of actions conducted by the same threat actor. The company said it expected disruptions to be short term, with the latest update, from November 26, informing customers that systems should be restored shortly.

As of 24th of October 2024, a year after the incident in October 2023, Henry Schein formally reports it. The compromised information encompassed personal details of approximately 166,432 individuals, including:

• Names
• Addresses
• Social Security numbers
• Financial information (e.g., bank account and credit card numbers)
• Medical records

The company notified affected individuals and offered identity theft protection services through Experian for two years